From sec-adv at secunia.com Tue Nov 1 11:37:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Nov 2011 19:37:54 +0100 Subject: [SEC] [SA46636] Gentoo update for chromium and v8 Message-ID: <201111011837.pA1Ibsma004896@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Gentoo update for chromium and v8 SECUNIA ADVISORY ID: SA46636 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46636/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46636 RELEASE DATE: 2011-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/46636/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46636/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46636 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for chromium and v8. This fixes a security issue and multiple vulnerabilities, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system. For more information: SA45097 SA46049 SA46308 SA46594 SOLUTION: Update to version "www-client/chromium-15.0.874.102" or later and to version "dev-lang/v8-3.5.10.22" or later. ORIGINAL ADVISORY: GLSA 201111-01: http://www.gentoo.org/security/en/glsa/glsa-201111-01.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 12:40:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Nov 2011 20:40:59 +0100 Subject: [SEC] [SA46630] NJStar Communicator MiniSmtp Packet Processing Buffer Overflow Vulnerability Message-ID: <201111011940.pA1JexHF029775@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: NJStar Communicator MiniSmtp Packet Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46630 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46630/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46630 RELEASE DATE: 2011-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/46630/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46630/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46630 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in NJStar Communicator, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the MiniSmtp server when processing packets. This can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 25. Successful exploitation allows execution of arbitrary code, but requires the MiniSmtp server to be running (not the default option). The vulnerability is confirmed in version 3.0.11818. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Dillon Beresford OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 13:36:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Nov 2011 21:36:40 +0100 Subject: [SEC] [SA46635] Joomla! Alameda Component "storeid" SQL Injection Vulnerability Message-ID: <201111012036.pA1KaeSt021872@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Joomla! Alameda Component "storeid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46635 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46635/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46635 RELEASE DATE: 2011-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/46635/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46635/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46635 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Alameda component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "storeid" parameter to index.php (when "option" is set to "com_alameda", "controller" is set to "comments", and "task" is set to "edit") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 1.0. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: kaMtiEz OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 14:36:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Nov 2011 22:36:18 +0100 Subject: [SEC] [SA46641] IBM AIX BIND Multiple Vulnerabilities Message-ID: <201111012136.pA1LaIAs014173@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: IBM AIX BIND Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46641 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46641/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46641 RELEASE DATE: 2011-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/46641/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46641/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46641 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some vulnerabilities in AIX, which can be exploited by malicious people to conduct spoofing attacks. For more information: SA33404 SA38219 The vulnerabilities are reported in versions 5.3 and 6.1. SOLUTION: Apply APARs IV09978 and IV09491. ORIGINAL ADVISORY: IBM (IV09978, IV09491): http://www.ibm.com/support/docview.wss?uid=isg1IV09491 http://www.ibm.com/support/docview.wss?uid=isg1IV09978 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 15:29:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Nov 2011 23:29:42 +0100 Subject: [SEC] [SA46609] Squid DNS Replies Invalid Free Denial of Service Vulnerability Message-ID: <201111012229.pA1MTg3Y006134@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Squid DNS Replies Invalid Free Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46609 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46609/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46609 RELEASE DATE: 2011-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/46609/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46609/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46609 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain DNS replies, which can be exploited to trigger an invalid free via e.g. DNS replies containing a CNAME record pointing to another CNAME record pointing to an empty A record. The vulnerability is reported in versions prior to 3.1.16. SOLUTION: Update to version 3.1.16. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported in a Squid bug by M.A.Young. ORIGINAL ADVISORY: Squid Bug #3237: http://bugs.squid-cache.org/show_bug.cgi?id=3237 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 15:50:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 1 Nov 2011 23:50:32 +0100 Subject: [SEC] [SA46625] CSWorks LiveData Service TCP Packets Processing Denial of Service Vulnerability Message-ID: <201111012250.pA1MoWTP028877@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: CSWorks LiveData Service TCP Packets Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46625 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46625/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46625 RELEASE DATE: 2011-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/46625/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46625/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46625 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CSWorks, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the LiveData Service when processing TCP packets and can be exploited to cause a crash. The vulnerability is reported in versions prior to 2.0.4115.1. SOLUTION: Update to version 2.0.4115.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Kuang-Chun Hung, Security Research and Service Institute - Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: CSWorks: http://www.controlsystemworks.com/blogengine/post/CSWorks-2041151-security-release.aspx JVN (English): http://jvn.jp/en/jp/JVN98649286/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000095.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 16:15:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 00:15:20 +0100 Subject: [SEC] [SA46665] Megatops YaTFTPSvr Directory Traversal Vulnerability Message-ID: <201111012315.pA1NFK1V019415@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Megatops YaTFTPSvr Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA46665 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46665/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46665 RELEASE DATE: 2011-11-01 DISCUSS ADVISORY: http://secunia.com/advisories/46665/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46665/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46665 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: demonalex has discovered a vulnerability in Megatops YaTFTPSvr, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system. The vulnerability is caused due an input validation error within the TFTP service and can be exploited to download or manipulate files in arbitrary locations outside the TFTP root via specially crafted directory traversal sequences. The vulnerability is confirmed in version 1.0.1.200. Other versions may also be affected. SOLUTION: Restrict access to the affected service to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: demonalex ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-10/0218.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 16:53:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 00:53:22 +0100 Subject: [SEC] [SA46214] SUSE update for quagga Message-ID: <201111012353.pA1NrMuF010601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for quagga SECUNIA ADVISORY ID: SA46214 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46214/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46214/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46214/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46214 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46139 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1075-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00027.html openSUSE-SU-2011:1155-1: http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 17:18:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 01:18:24 +0100 Subject: [SEC] [SA46115] SonicWALL ViewPoint Multiple Vulnerabilities Message-ID: <201111020018.pA20IOZD001106@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SonicWALL ViewPoint Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46115 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46115/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46115 RELEASE DATE: 2011-09-27 DISCUSS ADVISORY: http://secunia.com/advisories/46115/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46115/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46115 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SonicWALL ViewPoint, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Certain unspecified input passed to e.g. the FTP Usage, Logs, and Security Dashboard modules is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input passed to e.g. the Training, Current Sessions, Component, Report Layout / Template, and Scheduled Reports modules is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via the "scheduleID" parameter to reports/scheduledreports/configure/scheduleProps.jsp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 6.0 SP2. Other versions may also be affected. SOLUTION: Apply hotfix (DTS reference number 104767) available via mySonicWALL. PROVIDED AND/OR DISCOVERED BY: 1, 2) Benjamin Kunz Mejri (Rem0ve). 3) Benjamin Kunz Mejri (Rem0ve) and Pim J.F. Campers (X4lt). ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=195 http://www.vulnerability-lab.com/get_content.php?id=196 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 17:51:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 01:51:30 +0100 Subject: [SEC] [SA46180] AdaptCMS Security Bypass and Cross-Site Scripting Vulnerabilities Message-ID: <201111020051.pA20pU14024504@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: AdaptCMS Security Bypass and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46180 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46180/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46180 RELEASE DATE: 2011-09-27 DISCUSS ADVISORY: http://secunia.com/advisories/46180/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46180/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46180 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered multiple vulnerabilities in AdaptCMS. These can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 1) Input passed via the "view" parameter to admin.php is not properly verified and can be exploited to bypass the authentication mechanism and view the contents of the administration panel. 2) Input passed via the "view" parameter to admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "do" parameter (when "view" is set to "share") to admin.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.0.1. Other versions may also be affected. SOLUTION: Manually update the config.php file via the "file releases" section of the administration panel, which fixes vulnerabilities #1 and #2. Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: Insane Visions: http://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole Stefan Schurtz: http://www.rul3z.de/advisories/SSCHADV2011-018.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 18:19:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 02:19:43 +0100 Subject: [SEC] [SA46187] Fedora update for qt Message-ID: <201111020119.pA21JhRE015222@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for qt SECUNIA ADVISORY ID: SA46187 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46187/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46187 RELEASE DATE: 2011-09-27 DISCUSS ADVISORY: http://secunia.com/advisories/46187/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46187/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46187 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for qt. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. For more information: SA46140 SOLUTION: Apply updated packages via the yum utility ("yum update qt"). ORIGINAL ADVISORY: FEDORA-2011-12145: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066209.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 18:51:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 02:51:32 +0100 Subject: [SEC] [SA46025] Atlassian JIRA Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201111020151.pA21pW29006095@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Atlassian JIRA Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46025 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46025/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46025 RELEASE DATE: 2011-09-27 DISCUSS ADVISORY: http://secunia.com/advisories/46025/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46025/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46025 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Atlassian JIRA, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input related to the JIRA administration interface when managing JIRA Bamboo plugin settings is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in versions 4.3.x. 2) Certain unspecified input related to issue links and issue labels is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. These vulnerabilities are reported in versions 4.1.x through 4.3.x. SOLUTION: Update to version 4.4. PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Dave B. 2) Reported by the vendor. ORIGINAL ADVISORY: http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2011-09-27 https://jira.atlassian.com/browse/JRA-24773 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 19:16:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 03:16:31 +0100 Subject: [SEC] [SA46147] Ubuntu update for linux and linux-ec2 Message-ID: <201111020216.pA22GV1o029051@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux and linux-ec2 SECUNIA ADVISORY ID: SA46147 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46147/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46147 RELEASE DATE: 2011-09-27 DISCUSS ADVISORY: http://secunia.com/advisories/46147/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46147/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46147 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux and linux-ec2. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and to potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA39080 SA42061 SA43496 SA43846 SA44466 SA44754 SA45420 SA45533 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1216-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001426.html USN-1218-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001430.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 19:52:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 03:52:35 +0100 Subject: [SEC] [SA46073] Barracuda IM Firewall Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201111020252.pA22qZg7020153@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Barracuda IM Firewall Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46073 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46073/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46073 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46073/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46073/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46073 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Barracuda IM Firewall, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input passed to the SMTP module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input related to user reports is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in Barracuda IM Firewall 620 firmware version 4.2.01.004. Other versions may also be affected. SOLUTION: Reportedly, the vendor has issued a fix. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Benjamin Kunz Mejri (Rem0ve) and Pim J.F. Campers (X4lt) ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=27 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 20:25:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 04:25:00 +0100 Subject: [SEC] [SA46159] Debian update for openjdk-6 Message-ID: <201111020325.pA23P0K7011520@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for openjdk-6 SECUNIA ADVISORY ID: SA46159 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46159/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46159 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46159/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46159/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46159 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openjdk-6. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA44784 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2311-1: http://lists.debian.org/debian-security-announce/2011/msg00188.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 20:51:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 04:51:48 +0100 Subject: [SEC] [SA46162] Citrix Provisioning Services Stream Service Integer Underflow Vulnerability Message-ID: <201111020351.pA23pmx9002117@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Citrix Provisioning Services Stream Service Integer Underflow Vulnerability SECUNIA ADVISORY ID: SA46162 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46162/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46162 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46162/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46162/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46162 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Citrix Provisioning Services, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer underflow error in Ardence.CMessageUtils.fromMgrString() within Manager.dll when the Stream Service component parses strings in incoming requests. This can be exploited to cause a stack-based buffer overflow via a specially crafted request containing an zero size value sent to UDP port 6095. This may be related to an incomplete fix for: SA42954 Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.6 SP1. Other versions may also be affected. SOLUTION: Apply hotfix. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits AbdulAziz Hariri, ThirdEye Testers via ZDI. Additional details provided by Secunia Research. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX130846 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 21:15:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 05:15:36 +0100 Subject: [SEC] [SA46135] IceWarp Mail Server Two Vulnerabilities Message-ID: <201111020415.pA24Facr025058@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: IceWarp Mail Server Two Vulnerabilities SECUNIA ADVISORY ID: SA46135 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46135/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46135 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46135/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46135/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46135 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in IceWarp Server, which can be exploited by malicious people to disclose sensitive information. 1) Certain input passed via SOAP messages to server/webmail.php is not properly verified before being used. This can be exploited to disclose the contents of arbitrary files. 2) An unspecified script, which calls the "phpinfo()" function, is stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information (e.g. PHP configuration details) by requesting the file directly. The vulnerabilities are reported in version 10.3.2. Prior versions may also be affected. SOLUTION: Update to version 10.3.3. PROVIDED AND/OR DISCOVERED BY: David Kirkpatrick, Trustwave's SpiderLabs. ORIGINAL ADVISORY: Trustwave: https://www.trustwave.com/spiderlabs/advisories/TWSL2011-013.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 21:50:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 05:50:56 +0100 Subject: [SEC] [SA46181] Fedora update for cherokee Message-ID: <201111020450.pA24ouAH016128@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for cherokee SECUNIA ADVISORY ID: SA46181 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46181/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46181 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46181/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46181/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46181 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for cherokee. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to conduct brute force attacks and by malicious people to conduct cross-site request forgery attacks. For more information: SA44821 SOLUTION: Apply updated packages via the yum utility ("yum update cherokee"). ORIGINAL ADVISORY: FEDORA-2011-12687: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066257.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 22:16:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 06:16:48 +0100 Subject: [SEC] [SA46154] IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability Message-ID: <201111020516.pA25GmTC006695@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA46154 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46154/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46154 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46154/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46154/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46154 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions when a logged-in user visits a malicious web site. The vulnerability is reported in versions prior to 7.0.0.19 and 8.0.0.1. SOLUTION: Update to version 7.0.0.19 or 8.0.0.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM36734): http://www.ibm.com/support/docview.wss?uid=swg27022958 http://www.ibm.com/support/docview.wss?uid=swg27014463 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 22:52:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 06:52:09 +0100 Subject: [SEC] [SA46183] Fedora update for quassel Message-ID: <201111020552.pA25q9Ne030163@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for quassel SECUNIA ADVISORY ID: SA46183 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46183/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46183 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46183/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46183/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46183 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for quassel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45870 SOLUTION: Apply updated packages via the yum utility ("yum update quassel"). ORIGINAL ADVISORY: FEDORA-2011-12580: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066250.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 1 23:15:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 07:15:32 +0100 Subject: [SEC] [SA46133] Debian update for linux-2.6 Message-ID: <201111020615.pA26FWBr020623@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for linux-2.6 SECUNIA ADVISORY ID: SA46133 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46133/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46133 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46133/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46133/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46133 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for linux-2.6. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and to potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA40205 SA43009 SA43496 SA44094 SA44466 SA44754 SA45695 SOLUTION: Apply updated packages via the apt-get package manager. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: DSA-2310-1: http://lists.debian.org/debian-security-announce/2011/msg00187.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 11:38:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 19:38:14 +0100 Subject: [SEC] [SA46699] Proficy Historian Cross-Site Scripting and Buffer Overflow Vulnerabilities Message-ID: <201111021838.pA2IcE8w015307@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Proficy Historian Cross-Site Scripting and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46699 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46699/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46699 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46699/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46699/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46699 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Historian, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) Certain unspecified input is not properly sanitised within the Web Administrator component before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error in the Data Archiver service (ihDataArchiver.exe or ihDataArchiver_x64.exe) when processing certain network messages can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 14000. Successful exploitation of this vulnerability may allow execution of arbitrary code. Please see the vendor's advisories for a list of affected versions. SOLUTION: Apply updates. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Billy Rios and Terry McCorkle via ICS-CERT. 2) Luigi Auriemma via ZDI. ORIGINAL ADVISORY: GE (GEIP11-01, GEIP11-03): http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-03%20Security%20Advisory%20-%20Proficy%20Historian%20Web%20Administrator.pdf http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-01%20Security%20Advisory%20-%20Proficy%20Historian%20ihDataArchiver.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 12:37:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 20:37:45 +0100 Subject: [SEC] [SA45793] Apache HTTP Server "ap_pregsub()" Privilege Escalation Vulnerability Message-ID: <201111021937.pA2JbjLK007569@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server "ap_pregsub()" Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA45793 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45793/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45793 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/45793/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45793/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45793 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: halfdog has discovered a vulnerability in Apache HTTP Server, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an integer overflow within the "ap_pregsub()" function (server/utils.c) and can be exploited to cause a heap-based buffer overflow via a specially crafted ".htaccess" file. The vulnerability is confirmed in versions 2.0.64 and 2.2.21. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: halfdog ORIGINAL ADVISORY: http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 13:36:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 21:36:44 +0100 Subject: [SEC] [SA46700] Proficy Plant Applications Multiple Services Buffer Overflow Vulnerabilities Message-ID: <201111022036.pA2Kaioh032256@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Proficy Plant Applications Multiple Services Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46700 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46700/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46700 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46700/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46700/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46700 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Proficy Plant Applications, which can be exploited by malicious people to compromise a vulnerable system. 1) An error in the Server Manager service (PRProficyMgr.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12293. 2) An error in the Server Gateway (PRGateway.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12294. 3) An error in the Remote Data Service (PRRDS.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12299. 4) An error in the Server License Manager (PRLicenseMgr.exe) can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to TCP port 12401. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updates. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI. ORIGINAL ADVISORY: GE (GEIP-11-02): http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14493/en_US/GEIP11-02%20Security%20Advisory%20-%20Proficy%20Plant%20Applications%20services.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 14:35:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 22:35:42 +0100 Subject: [SEC] [SA46692] Attachmate Reflection Insecure Library Loading Vulnerability Message-ID: <201111022135.pA2LZgIB024514@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Attachmate Reflection Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA46692 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46692/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46692 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46692/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46692/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46692 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Attachmate Reflection, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application loading certain libraries in an insecure manner, which can be exploited to load arbitrary libraries by tricking a user into opening certain files located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. The vulnerabilities are reported in versions prior to 14.1 SP1 in the following products: * Reflection for HP * Reflection for UNIX and OpenVMS * Reflection for ReGIS Graphics * Reflection X SOLUTION: Update to version 14.1 SP1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.attachmate.com/techdocs/1708.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 15:31:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 23:31:05 +0100 Subject: [SEC] [SA46701] Oracle Solaris Gimp Multiple Vulnerabilities Message-ID: <201111022231.pA2MV5pE016611@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Gimp Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46701 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46701/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46701 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46701/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46701/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46701 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged some vulnerabilities in Gimp included in Solaris, which can be exploited by malicious people to compromise a user's system. For more information: SA42771 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/multiple_buffer_overflow_vulnerabilities_in OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 15:57:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 2 Nov 2011 23:57:38 +0100 Subject: [SEC] [SA46702] Bennet-Tec TList ActiveX Control "SaveData()" Insecure Method Message-ID: <201111022257.pA2Mvc6r007212@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Bennet-Tec TList ActiveX Control "SaveData()" Insecure Method SECUNIA ADVISORY ID: SA46702 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46702/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46702 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46702/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46702/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46702 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Bennet-Tec TList ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the TList ActiveX control providing an insecure "SaveData()" method, which can be exploited to create or overwrite arbitrary files in the context of the currently logged-on user. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in versions 6.5.16.0 and 8.0.26.0. Other versions may also be affected. SOLUTION: Set the kill-bit for the ActiveX control. PROVIDED AND/OR DISCOVERED BY: Originally reported in Oracle Hyperion Financial Management by rgod. ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ohfm_adv.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 16:54:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 00:54:19 +0100 Subject: [SEC] [SA46670] Oracle Hyperion Financial Management TList ActiveX Control "SaveData()" Insecure Method Message-ID: <201111022354.pA2NsJSC031741@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Oracle Hyperion Financial Management TList ActiveX Control "SaveData()" Insecure Method SECUNIA ADVISORY ID: SA46670 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46670/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46670 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46670/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46670/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46670 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has discovered a vulnerability in Oracle Hyperion Financial Management, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a vulnerable bundled version of the TList ActiveX Control. For more information: SA46702 The vulnerability is confirmed in version 11.1.2.1.0 (TList6.ocx 6.0.11). Other versions may also be affected. SOLUTION: Set the kill-bit for the ActiveX control. PROVIDED AND/OR DISCOVERED BY: rgod ORIGINAL ADVISORY: rgod: http://retrogod.altervista.org/9sg_ohfm_adv.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 17:23:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 01:23:49 +0100 Subject: [SEC] [SA46686] VP-ASP Unspecified SQL Injection Vulnerability Message-ID: <201111030023.pA30Nnxp022518@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: VP-ASP Unspecified SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46686 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46686/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46686 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46686/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46686/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46686 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in VP-ASP, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in 7.x versions released prior to the 24th October, 2011. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Chris Wood. ORIGINAL ADVISORY: http://www.vpasp.com/blog/Security-Patch-released-for-SQL-Server-issue/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 18:00:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 02:00:28 +0100 Subject: [SEC] [SA46682] Oracle Solaris Adobe Flash Player Multiple Vulnerabilities Message-ID: <201111030100.pA310SU9013642@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46682 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46682/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46682 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46682/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46682/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46682 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in Adobe Flash Player included in Solaris, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system. For more information: SA45583 SA44846 SA44964 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer1 http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_adobe_flashplayer2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 18:34:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 02:34:46 +0100 Subject: [SEC] [SA46676] Attachmate Reflection for the Web Java Double Literal Denial of Service Vulnerability Message-ID: <201111030134.pA31Yk7C004652@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Attachmate Reflection for the Web Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46676 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46676/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46676 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46676/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46676/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46676 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Attachmate has acknowledged a vulnerability in Attachmate Reflection for the Web, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1 in: SA43262 The vulnerability is reported in versions prior to Reflection for the Web 2008 R3 Build 527. SOLUTION: Update to Reflection for the Web 2008 R3 Build 527 or later. ORIGINAL ADVISORY: http://support.attachmate.com/techdocs/1704.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 19:07:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 03:07:03 +0100 Subject: [SEC] [SA46644] Wireshark Multiple Vulnerabilities Message-ID: <201111030207.pA3273jJ027968@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Wireshark Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46644 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46644/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46644 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46644/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46644/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46644 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash. Note: This vulnerability only affects versions 1.6.0 to 1.6.2. 2) A NULL pointer dereference error within the Infiniband dissector can be exploited to cause a crash. 3) An error within the ERF file parser can be exploited to cause a heap-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. SOLUTION: Update to version 1.6.3 or 1.4.10. PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. 2, 3) Huzaifa Sidhpurwala, Red Hat Security Response Team. ORIGINAL ADVISORY: Wireshark: http://www.wireshark.org/security/wnpa-sec-2011-17.html http://www.wireshark.org/security/wnpa-sec-2011-18.html http://www.wireshark.org/security/wnpa-sec-2011-19.html Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=750645 https://bugzilla.redhat.com/show_bug.cgi?id=750648 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 19:34:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 03:34:39 +0100 Subject: [SEC] [SA46683] HP OpenView Network Node Manager Multiple Unspecified Vulnerabilities Message-ID: <201111030234.pA32YdFB018651@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Multiple Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA46683 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46683/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46683 RELEASE DATE: 2011-11-02 DISCUSS ADVISORY: http://secunia.com/advisories/46683/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46683/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46683 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to unspecified errors. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions 7.51 and 7.53 running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Aniway.Anyway at gmail.com via ZDI. ORIGINAL ADVISORY: HPSBMU02712 SSRT100649: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03054052 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 20:13:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 04:13:59 +0100 Subject: [SEC] [SA46131] JAKCMS Security Bypass and Arbitrary File Upload Vulnerabilities Message-ID: <201111030313.pA33DxTh010330@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: JAKCMS Security Bypass and Arbitrary File Upload Vulnerabilities SECUNIA ADVISORY ID: SA46131 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46131/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46131 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46131/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46131/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46131 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in JAKCMS, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system. 1) An error in e.g. the js/editor/plugins/jakadminexplorer/index.php script does not properly validate the session and can be exploited bypass the authentication mechanism and gain access to certain administrative functions. 2) An error in e.g. the js/editor/plugins/jakadminexplorer/php/action.php script does not properly validate uploaded files and can be exploited to execute arbitrary PHP code by uploading a PHP file. Successful exploitation of this vulnerability requires authentication, but can e.g. be exploited in combination with vulnerability #1. The vulnerabilities are confirmed in version 2.2.6. Other versions may also be affected. SOLUTION: Restrict access to the "js/editor/plugins" directory (e.g. via .htaccess). The vendor has also released a fix, however, the fix is ineffective. PROVIDED AND/OR DISCOVERED BY: EgiX ORIGINAL ADVISORY: http://www.jakcms.com/tracker/t/61/security-flaw-imagefilemanager OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 20:52:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 04:52:41 +0100 Subject: [SEC] [SA46182] Fedora update for openldap Message-ID: <201111030352.pA33qfUW001564@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for openldap SECUNIA ADVISORY ID: SA46182 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46182/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46182 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46182/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46182/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46182 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA43331 SOLUTION: Apply updated packages via the yum utility ("yum update openldap"). ORIGINAL ADVISORY: FEDORA-2011-3627: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066251.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 21:16:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 05:16:30 +0100 Subject: [SEC] [SA46107] PHP "is_a()" Change in Functional Behaviour Security Issue Message-ID: <201111030416.pA34GUw1024499@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: PHP "is_a()" Change in Functional Behaviour Security Issue SECUNIA ADVISORY ID: SA46107 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46107/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46107 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46107/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46107/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46107 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in PHP, which potentially can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to a change in the behaviour of the "is_a()" function when receiving strings as first argument, which can lead to the "__autoload()" function being called unexpectedly. In context of certain applications that rely on PHP's previous behaviour and do not properly verify input in their "__autoload()" function, this change can open up unexpected attack vectors, which can potentially be exploited to e.g. execute arbitrary PHP code by including arbitrary files from remote resources. The security issue is reported in version 5.3.7 and 5.3.8. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Reported in a PHP bug by Mads, gartneriet.dk. ORIGINAL ADVISORY: https://bugs.php.net/bug.php?id=55475 http://www.byte.nl/blog/2011/09/23/security-bug-in-is_a-function-in-php-5-3-7-5-3-8/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 21:53:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 05:53:11 +0100 Subject: [SEC] [SA46058] Dolphin Browser HD for Android Sandbox Security Bypass Security Issue Message-ID: <201111030453.pA34rBew015631@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Dolphin Browser HD for Android Sandbox Security Bypass Security Issue SECUNIA ADVISORY ID: SA46058 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46058/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46058 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46058/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46058/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46058 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Dolphin Browser HD for Android, which can be exploited by malicious people to bypass certain security features. The security issue is caused due to an error within the the URL loading of the application, which can be exploited to bypass the sandbox and inject and execute script code in the context of an arbitrary domain. Successful exploitation requires that a malicious application is installed and used. The security issue is reported in version 6.0.0. Other versions may also be affected. SOLUTION: Reportedly fixed in version 6.1.0. PROVIDED AND/OR DISCOVERED BY: Roee Hay and Yair Amit, IBM Rational Application Security Research Group ORIGINAL ADVISORY: http://blog.watchfire.com/files/advisory-dolphin.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 22:16:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 06:16:59 +0100 Subject: [SEC] [SA46146] Sunway ForceControl / pNetPower Directory Traversal and ActiveX Control Vulnerabilities Message-ID: <201111030516.pA35GxlE006097@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Sunway ForceControl / pNetPower Directory Traversal and ActiveX Control Vulnerabilities SECUNIA ADVISORY ID: SA46146 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46146/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46146 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46146/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46146/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46146 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in Sunway ForceControl and Sunway pNetPower, which can be exploited by malicious people to disclose system information and compromise a user's system. 1) An error in NetServer.exe when processing certain packets can be exploited to disclose the contents of arbitrary files via directory traversal specifiers sent in a specially crafted packet to TCP port 2006. 2) The application bundles a vulnerable version of the Read & Write Excel ActiveX control. For more information: SA46144 The vulnerabilities are confirmed in the following versions (other versions may also be affected): * Sunway ForceControl 6.1 SP3. * Sunway pNetPower 6.0. SOLUTION: Set the kill-bit for the ActiveX control. Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/forcecontrol_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 22:55:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 06:55:07 +0100 Subject: [SEC] [SA46144] CellCtrl Read & Write Excel ActiveX Control "Login()" Buffer Overflow Vulnerability Message-ID: <201111030555.pA35t7sH029718@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: CellCtrl Read & Write Excel ActiveX Control "Login()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46144 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46144/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46144 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46144/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46144/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46144 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in CellCtrl, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the "Login()" method of the Read & Write Excel ActiveX control (RWXls.RWXlsCtrl.2). This can be exploited to cause a stack-based buffer overflow via an overly long string passed in the "Password" parameter. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 5.3.9.15 (YRWXls.ocx 5.3.7.321). Other versions may also be affected. SOLUTION: Set the kill-bit for the ActiveX control. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/forcecontrol_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 2 23:19:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 07:19:18 +0100 Subject: [SEC] [SA46050] SUSE update for jakarta-commons-daemon Message-ID: <201111030619.pA36JIWh020218@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for jakarta-commons-daemon SECUNIA ADVISORY ID: SA46050 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46050/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46050 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46050/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46050/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46050 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for jakarta-commons-daemon. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information. The weakness is caused due to an error in jsvc, which does not drop permissions for the application to access files and directories owned by the super user. This can lead to certain applications being able to access files and directories of the super user. This weakness is related to SA45641. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1062-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00024.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 11:40:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 19:40:10 +0100 Subject: [SEC] [SA46657] eFront Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201111031840.pA3IeAEt010362@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: eFront Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46657 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46657/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46657 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46657/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46657/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46657 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in eFront, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "user" parameter to www/administrator.php is not properly sanitised in before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the URL to www/index.php is not properly sanitised in www/themes/default/templates/includes/blocks/login.tpl, www/themes/default/templates/includes/header_code.tpl, www/themes/default/templates/includes/blocks/cart.tpl, libraries/direction.class.php, www/themes/default/templates/index.tpl, and www/themes/default/templates/includes/closing.tpl before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.6.10 build 12151. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 1) Canberk Bolat, Mavituna Security 2) Canberk Bolat, Mavituna Security and High-Tech Bridge SA ORIGINAL ADVISORY: NS-11-007 (Mavituna Security): http://www.mavitunasecurity.com/XSS-Vulnerability-in-eFront/ HTB23053: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_efront.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 12:40:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 20:40:07 +0100 Subject: [SEC] [SA46654] Spacewalk Multiple Vulnerabilities Message-ID: <201111031940.pA3Je70O002651@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Spacewalk Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46654 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46654/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46654 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46654/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46654/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46654 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Spacewalk, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) Certain input passed via urlBounce is not properly verified in java/code/src/com/redhat/rhn/frontend/action/LoginAction.java before being used to redirect users. This can be exploited to redirect a user to an arbitrary website. 2) Certain input related to parameter names is not properly sanitised in java/code/src/com/redhat/rhn/frontend/taglibs/list/ListTagUtil.java before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Certain input passed related to a hidden element is not properly sanitised in java/code/src/com/redhat/rhn/frontend/taglibs/list/ListTagUtil.java before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Certain input related to search pages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Certain input related to PXT and self-referencing links is not properly sanitised in web/modules/pxt/PXT/Handlers.pm before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities #1 through #5 are related to: SA46056 SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Disclosed in GIT commits. Originally reported in a Red Hat advisory for Red Hat Network Satellite Server. Red Hat credits: 1) Thomas Biege, SUSE Security Team 2) Daniel Karanja Muturi 3) Nils Juenemann and The Bearded Warriors 4) Nils Juenemann 5) Sylvain Maes ORIGINAL ADVISORY: Spacewalk: http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=e23b716fe82672c143177275799985ce56dc468d http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=2d9c34e7b682b375ea32595f0dd38b61f424a24f http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=e91fab3da553f37d58aa43c067347010e8c95225 http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=6ca26364228b6b1f1010d910b9911244eb37b883 http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=a9da89b35581f4eedfb6ca7ddff4343b9ea21f15 http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=e0c4ae8dd7093bbe6a12ab4462272fbab573e098 http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=3a03e49904465ec5f16bde31c92e67c0b85ef1b9 http://git.fedorahosted.org/git?p=spacewalk.git;a=commit;h=890781d7ec983e32fe83af2f7c033d087292851f OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 13:43:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 21:43:18 +0100 Subject: [SEC] [SA46675] SUSE update for SUSE Manager Message-ID: <201111032043.pA3KhIKV027581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for SUSE Manager SECUNIA ADVISORY ID: SA46675 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46675/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46675 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46675/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46675/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46675 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for SUSE Manager. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. For more information: SA46654 SOLUTION: Apply patch via the zypper package manager (see vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SUSE-SU-2011:1200-1: https://hermes.opensuse.org/messages/12260718 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 14:37:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 22:37:27 +0100 Subject: [SEC] [SA46447] phpMyadmin XML Entity References Information Disclosure Vulnerability Message-ID: <201111032137.pA3LbRaZ019593@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: phpMyadmin XML Entity References Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA46447 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46447/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46447 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46447/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46447/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46447 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: 80sec has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to an error within libraries/import/xml.php when processing XML data, which can be exploited to e.g. disclose contents of certain local files and perform certain actions on the local network by sending specially crafted XML data including external entity references. The vulnerability is confirmed in version 3.4.7. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: 80sec ORIGINAL ADVISORY: WooYun-2011-03185: http://www.wooyun.org/bugs/wooyun-2010-03185 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 15:31:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 3 Nov 2011 23:31:48 +0100 Subject: [SEC] [SA46714] DotNetNuke Editor Script Insertion Vulnerability Message-ID: <201111032231.pA3MVmYg011630@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: DotNetNuke Editor Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46714 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46714/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46714 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46714/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46714/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46714 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in DotNetNuke, which can be exploited by malicious users to conduct script insertion attacks. The application does not properly sanitise certain input passed via editor before being used. This can be exploited to insert certain HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. Successful exploitation requires access and editor permissions to a respective HTML module in versions prior to 5.5.0 and in application deployments with disabled messaging component. The vulnerability is reported in versions prior to 5.6.4 and prior to 6.1.0. Note: Additionally a password field on the registration page has been adjusted to prevent automatic filling due to a "auto remember" feature of a browser. SOLUTION: Update to version 5.6.4 or 6.1.0. PROVIDED AND/OR DISCOVERED BY: The vendor credits Richard Lundeen of Microsoft and Microsoft Vulnerability Research (MSVR). ORIGINAL ADVISORY: DNN 2011-14-L: http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.58.aspx DNN 2011-15-M: http://www.dotnetnuke.com/News/Security-Policy/Security-bulletin-no.59.aspx OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 16:05:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 00:05:56 +0100 Subject: [SEC] [SA46674] SetSeed "loggedInUser" SQL Injection Vulnerability Message-ID: <201111032305.pA3N5u7m002614@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SetSeed "loggedInUser" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46674 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46674/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46674 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46674/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46674/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46674 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in SetSeed, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "loggedInUser" COOKIE parameter to e.g. index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 5.8.20. Other versions may also be affected. SOLUTION: Update to version 5.11.2. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science Lab. ORIGINAL ADVISORY: ZSL-2011-5053: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5053.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 16:34:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 00:34:18 +0100 Subject: [SEC] [SA46711] SUSE update for rpm Message-ID: <201111032334.pA3NYIWm025763@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for rpm SECUNIA ADVISORY ID: SA46711 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46711/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46711 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46711/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46711/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46711 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for rpm. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA46096 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1203-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00000.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 17:07:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 01:07:42 +0100 Subject: [SEC] [SA46680] Drupal Views Module SQL Injection Vulnerability Message-ID: <201111040007.pA407gMk016738@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Drupal Views Module SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46680 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46680/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46680 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46680/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46680/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46680 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Views module for Drupal, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via certain filters or arguments on certain types of views is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 6.x-2.13. SOLUTION: Update to version 6.x-2.13 or later Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Olli Vesslin. ORIGINAL ADVISORY: SA-CONTRIB-2011-052: http://drupal.org/node/1329898 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 17:32:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 01:32:55 +0100 Subject: [SEC] [SA46673] Drupal Hotblocks Module Multiple Vulnerabilities Message-ID: <201111040032.pA40Wtpe007281@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Drupal Hotblocks Module Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46673 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46673/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46673 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46673/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46673/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46673 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Hotblocks module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks and bypass certain security restrictions. 1) The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform unspecified actions by tricking a logged in user into visiting a malicious web site. 2) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires the "administer hotblocks" permission. 3) An unspecified error exists when handling access permissions. No further information is currently available. The vulnerability is reported in versions prior to 6.x-1.6. SOLUTION: Update to version 6.x-1.6 Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Greg Knaddison of the Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2011-051: http://drupal.org/node/1329756 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 18:07:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 02:07:58 +0100 Subject: [SEC] [SA46620] Calibre "calibre-mount-helper" Weaknesses and Security Issues Message-ID: <201111040107.pA417wfl030754@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Calibre "calibre-mount-helper" Weaknesses and Security Issues SECUNIA ADVISORY ID: SA46620 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46620/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46620 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46620/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46620/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46620 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some weaknesses and a security issues have been reported in Calibre, which can be exploited by malicious, local users to manipulate certain data and gain escalated privileges. 1) An error within the "calibre-mount-helper" utility can be exploited to create arbitrary root-owned directories. 2) An error within the "calibre-mount-helper" utility can be exploited to delete arbitrary empty directories. 3) An error within the "calibre-mount-helper" utility can be exploited to create and delete the ".created_by_calibre_mount_helper" file in arbitrary directories. 4) The "calibre-mount-helper" utility does not use the full path when invoking other programs, which can be exploited to execute arbitrary applications as root by changing the "PATH" environment variable. 5) The "calibre-mount-helper" utility can be used to mount, unmount, and eject arbitrary directories and mountpoints. 6) Race conditions within the mount process can be exploited to e.g. mount arbitrary directories via symlink attacks. Note: Additionally, it's possible to inject arguments to the "mount" utility. SOLUTION: Restrict access to trusted users only or remove the suid bit from the "calibre-mount-helper" utility. PROVIDED AND/OR DISCOVERED BY: Jason A. Donenfeld. Additional information provided by Dan Rosenberg. ORIGINAL ADVISORY: https://bugs.launchpad.net/calibre/+bug/885027/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 18:32:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 02:32:37 +0100 Subject: [SEC] [SA46697] Fedora update for perl Message-ID: <201111040132.pA41Wb5C021287@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for perl SECUNIA ADVISORY ID: SA46697 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46697/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46697 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46697/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46697/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46697 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA46172 SA46279 SOLUTION: Apply updated packages via the yum utility ("yum update perl"). ORIGINAL ADVISORY: FEDORA-2011-13874: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068753.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 19:04:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 03:04:49 +0100 Subject: [SEC] [SA46708] SUSE update for pam Message-ID: <201111040204.pA424nQI012178@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for pam SECUNIA ADVISORY ID: SA46708 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46708/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46708 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46708/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46708/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46708 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for pam. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. For more information: SA46583 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1204-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00001.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 19:30:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 03:30:18 +0100 Subject: [SEC] [SA46709] SUSE update for pam Message-ID: <201111040230.pA42UIna002714@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for pam SECUNIA ADVISORY ID: SA46709 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46709/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46709 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46709/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46709/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46709 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for pam. This fixes a security issue and two vulnerabilities, which can be exploited by malicious, local users to potentially perform certain actions with escalated privileges, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA40978 SA46583 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1205-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00003.html SUSE-SU-2011:1207-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00004.html SUSE-SU-2011:1209-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00006.html openSUSE-SU-2011:1208-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00005.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 19:51:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 03:51:45 +0100 Subject: [SEC] [SA46678] Red Hat update for openswan Message-ID: <201111040251.pA42pjKh025513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for openswan SECUNIA ADVISORY ID: SA46678 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46678/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46678 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46678/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46678/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46678 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for openswan. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA46681 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1422-01: https://rhn.redhat.com/errata/RHSA-2011-1422.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 20:28:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 04:28:05 +0100 Subject: [SEC] [SA46710] Red Hat update for php Message-ID: <201111040328.pA43S50W017129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for php SECUNIA ADVISORY ID: SA46710 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46710/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46710 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46710/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46710/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46710 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for php. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA43328 SA44874 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1423-01: https://rhn.redhat.com/errata/RHSA-2011-1423.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 20:54:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 04:54:49 +0100 Subject: [SEC] [SA46679] Red Hat update for php53 Message-ID: <201111040354.pA43snha007731@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for php53 SECUNIA ADVISORY ID: SA46679 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46679/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46679 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46679/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46679/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46679 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for php53. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA43328 SA44874 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1423-01: https://rhn.redhat.com/errata/RHSA-2011-1423.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 21:18:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 05:18:08 +0100 Subject: [SEC] [SA46712] LightDM "xsession_setup()" Privilege Escalation Security Issue Message-ID: <201111040418.pA44I8Mp030611@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: LightDM "xsession_setup()" Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA46712 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46712/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46712 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46712/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46712/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46712 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in LightDM, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the "xsession_setup()" function (src/xsession.c) incorrectly changing the ownership of the "~/.Xauthority" file, which can be exploited to change the ownership of arbitrary files via symlink attacks. The security issue is reported in versions 1.0.4 and 1.0.5. SOLUTION: Update to version 1.0.6. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://lists.freedesktop.org/archives/lightdm/2011-November/000178.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 21:54:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 05:54:27 +0100 Subject: [SEC] [SA46664] Cisco Small Business SRP520 / SRP540 Series Command Injection Vulnerability Message-ID: <201111040454.pA44sRGv021731@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Cisco Small Business SRP520 / SRP540 Series Command Injection Vulnerability SECUNIA ADVISORY ID: SA46664 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46664/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46664 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46664/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46664/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46664 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Small Business SRP520 / SRP540 series, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the Services Ready Platform Configuration Utility web interface when processing certain HTTP requests and can be exploited to inject and execute arbitrary shell commands e.g. by tricking a logged-in administrator into following a malicious link. The vulnerability is reported in the following products and versions: * Cisco SRP521W versions prior to 1.1.24. * Cisco SRP526W versions prior to 1.1.24. * Cisco SRP527W versions prior to 1.1.24. * Cisco SRP541W versions prior to 1.2.1. * Cisco SRP546W versions prior to 1.2.1. * Cisco SRP547W versions prior to 1.2.1. SOLUTION: Update to version 1.1.24 or 1.2.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michal Sajdak, Securitum. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111102-srp500 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 22:19:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 06:19:25 +0100 Subject: [SEC] [SA46696] Citrix XenDesktop Client Drive Mapping Policy Bypass Security Issue Message-ID: <201111040519.pA45JPb6012267@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Citrix XenDesktop Client Drive Mapping Policy Bypass Security Issue SECUNIA ADVISORY ID: SA46696 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46696/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46696 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46696/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46696/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46696 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Citrix XenDesktop, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to an error within the implementation of Client Drive Mapping when enforcing a policy on the Virtual Desktop Agent. This could lead to the users being able to access otherwise restricted client drives. Successful exploitation requires that a server-side policy is used to disable Client Drive Mapping. The security issue is reported in version 4.0. SOLUTION: Apply hotfix. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://support.citrix.com/article/CTX131198 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 22:55:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 06:55:21 +0100 Subject: [SEC] [SA46666] Serendipity "serendipity[filter][bp.ALT]" Cross-Site Scripting Vulnerability Message-ID: <201111040555.pA45tLT2003363@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Serendipity "serendipity[filter][bp.ALT]" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46666 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46666/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46666 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46666/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46666/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46666 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "serendipity[filter][bp.ALT]" parameter in serendipity_admin_image_selector.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.5.5. Prior versions may also be affected. SOLUTION: Update to version 1.6 or later. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: Serendipity: http://blog.s9y.org/archives/233-Serendipity-1.6-released.html https://github.com/s9y/Serendipity/commit/1f037b462761cd592b90541ce4dfda2518ad4711 Stefan Schurtz: http://www.rul3z.de/advisories/SSCHADV2011-015.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 3 23:25:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 07:25:40 +0100 Subject: [SEC] [SA46685] Oracle Solaris Apache HTTP Server mod_proxy_ajp Denial of Service Vulnerability Message-ID: <201111040625.pA46Pefn026586@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Apache HTTP Server mod_proxy_ajp Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46685 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46685/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46685 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46685/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46685/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46685 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Apache HTTP Server included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46013 SOLUTION: Apply bug fix 7092986. ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/cve_2011_3348_denial_of OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 11:38:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 19:38:06 +0100 Subject: [SEC] [SA46738] SUSE update for apache2 Message-ID: <201111041838.pA4Ic6Vt020674@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for apache2 SECUNIA ADVISORY ID: SA46738 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46738/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46738 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46738/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46738/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46738 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for apache2. This fixes two vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA46013 SA46288 Note: Additionally this update refines a previous fix for CVE-2011-3192. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1215-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00007.html openSUSE-SU-2011:1217-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00009.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 12:37:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 20:37:16 +0100 Subject: [SEC] [SA46721] Opengear Console Servers Authentication Security Bypass Vulnerability Message-ID: <201111041937.pA4JbG0p012935@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Opengear Console Servers Authentication Security Bypass Vulnerability SECUNIA ADVISORY ID: SA46721 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46721/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46721 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46721/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46721/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46721 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Opengear Console Servers, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to bypass the authentication mechanism. The vulnerability is reported in versions prior to 2.2.1. SOLUTION: Update to version 2.2.1. PROVIDED AND/OR DISCOVERED BY: JVN credits Tadayoshi Nakahira. ORIGINAL ADVISORY: http://jvn.jp/en/jp/JVN71349007/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000096.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 13:36:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 21:36:48 +0100 Subject: [SEC] [SA46713] WordPress Bonus Theme "s" Cross-Site Scripting Vulnerability Message-ID: <201111042036.pA4KamgU005211@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Bonus Theme "s" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46713 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46713/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46713 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46713/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46713/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46713 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Bonus theme for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "s" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 3spi0n ORIGINAL ADVISORY: http://packetstormsecurity.org/files/106558/ilyasinfo-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 14:37:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 22:37:43 +0100 Subject: [SEC] [SA46716] Serendipity Karma Plugin Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201111042137.pA4Lbh8Z029989@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Serendipity Karma Plugin Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46716 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46716/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46716 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46716/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46716/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46716 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered multiple vulnerabilities in Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "serendipity[filter][entryid]", "serendipity[filter][ip]", "serendipity[filter][title]", and "serendipity[filter][user_agent]" parameters in serendipity_admin.php (when "serendipity[adminModule]" is set to "event_display" and "serendipity[adminAction]" is set to "karmalog") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the "Karma" plugin is enabled. The vulnerabilities are confirmed in version 1.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: Stefan Schurtz: http://www.rul3z.de/advisories/SSCHADV2011-017.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 15:52:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 23:52:00 +0100 Subject: [SEC] [SA46743] HP TCP/IP Services for OpenVMS Security Bypass and Denial of Service Vulnerabilities Message-ID: <201111042252.pA4Mq0em011821@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: HP TCP/IP Services for OpenVMS Security Bypass and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46743 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46743/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46743 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46743/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46743/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46743 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in HP TCP/IP Services for OpenVMS, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An unspecified error related to POP and IMAP servers can be exploited to bypass certain security restrictions. 2) An unspecified error related to SMTP servers can be exploited to cause a crash. The vulnerabilities are reported in versions 5.6 and 5.7 on iTanium and ALPHA Servers. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Peter Weaver 2) Christer ?berg ORIGINAL ADVISORY: HPSBOV02467 SSRT090152: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01908983 HPSBOV02470 SSRT080123: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01915145 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 15:52:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 4 Nov 2011 23:52:08 +0100 Subject: [SEC] [SA46487] IBM DB2 Tools for z/OS CAE Server Directory Information Disclosure Security Issue Message-ID: <201111042252.pA4Mq8HD011931@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: IBM DB2 Tools for z/OS CAE Server Directory Information Disclosure Security Issue SECUNIA ADVISORY ID: SA46487 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46487/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46487 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46487/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46487/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46487 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IBM DB2 Tools for z/OS, which can be exploited by malicious people to disclose system information. The security issue is caused due to the Client Application Enabler (CAE) server allowing directory browsing and can be exploited to disclose information about directories and filenames. The security issue is reported in version 2.3.0. SOLUTION: Apply APAR PM41190. PROVIDED AND/OR DISCOVERED BY: Reporter by the vendor. ORIGINAL ADVISORY: IBM (PM41190): http://www.ibm.com/support/docview.wss?uid=swg1PM41190 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 16:17:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 00:17:22 +0100 Subject: [SEC] [SA46704] CaupoShop Pro "template" File Disclosure Vulnerability Message-ID: <201111042317.pA4NHMaS002863@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: CaupoShop Pro "template" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA46704 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46704/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46704 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46704/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46704/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46704 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CaupoShop Pro, which can be exploited by malicious people to disclose sensitive information. Input passed via the "template" parameter to index.php (when "action" is set to "template") is not properly verified before being used to read files. This can be exploited to read the content of arbitrary files from local resources via directory traversal sequences. The vulnerability is reported in version 3.72. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Rami Salama OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 16:53:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 00:53:20 +0100 Subject: [SEC] [SA46642] SUSE update for apache2 Message-ID: <201111042353.pA4NrKYO026368@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for apache2 SECUNIA ADVISORY ID: SA46642 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46642/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46642 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46642/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46642/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46642 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for apache2. This fixes two vulnerabilities, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA40206 Note: Additionally this update provides a fix for CVE-2011-3192 for "SUSE Linux Enterprise Server (SLES) 10" SP2. For more information: SA45892 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1216-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 17:20:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 01:20:18 +0100 Subject: [SEC] [SA46735] EMC Documentum eRoom Arbitrary File Upload Vulnerability Message-ID: <201111050020.pA50KIXZ017017@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: EMC Documentum eRoom Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46735 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46735/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46735 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46735/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46735/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46735 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Documentum eRoom, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application improperly validating uploaded files and can be exploited to upload arbitrary files inside the webroot. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 7.3 and later. SOLUTION: Update to version 7.4.3.g PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-11/att-0018/ESA-2011-032.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 17:53:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 01:53:07 +0100 Subject: [SEC] [SA46645] Multiple Sky Arc Systems Products Security Bypass and Cross-Site Request Forgery Vulnerabilities Message-ID: <201111050053.pA50r7TU007944@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Multiple Sky Arc Systems Products Security Bypass and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA46645 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46645/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46645 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46645/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46645/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46645 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in multiple Sky Arc Systems products, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site request forgery attacks. 1) Due to an unspecified error certain privileged actions are not properly restricted. This can be exploited to e.g. manipulate certain settings and files. 2) The applications allow users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. manipulate certain information managed by the applications when a logged-in user visits a specially crafted web page. The vulnerabilities are reported in the following products: * MTCMS version 5.251 and earlier. * MTCMS Enterprise version 5.251 and earlier. * MTCMS Smart version 5.251 and earlier. * MultiFileUploader Movable Type plugin version 0.44 and earlier. * DuplicateEntry Movable Type plugin version 1.2 and earlier. * AutoTagging Movable Type plugin version 0.08 and earlier. SOLUTION: Update to fixed versions. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MTCMS (Japanese): http://www.mtcms.jp/news/product/201110131921.html http://www.skyarc.co.jp/engineerblog/entry/multifileuploader.html http://www.skyarc.co.jp/engineerblog/entry/duplicateentry.html http://www.skyarc.co.jp/engineerblog/entry/autotagging.html JVN (English): http://jvn.jp/en/jp/JVN56667137/index.html http://jvn.jp/en/jp/JVN41032068/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 18:21:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 02:21:14 +0100 Subject: [SEC] [SA46730] Red Hat update for perl Message-ID: <201111050121.pA51LEc2031059@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for perl SECUNIA ADVISORY ID: SA46730 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46730/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46730 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46730/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46730/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46730 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for perl. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA46172 SA46279 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1424-01: https://rhn.redhat.com/errata/RHSA-2011-1424.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 18:53:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 02:53:35 +0100 Subject: [SEC] [SA46724] Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability Message-ID: <201111050153.pA51rZO4021976@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys TrueType Font Parsing Vulnerability SECUNIA ADVISORY ID: SA46724 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46724/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46724 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46724/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46724/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46724 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the Win32k kernel-mode driver (win32k.sys) when parsing TrueType fonts. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply the Microsoft Fix it. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day. ORIGINAL ADVISORY: Microsoft (KB2639658): http://technet.microsoft.com/en-us/security/advisory/2639658 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 19:19:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 03:19:03 +0100 Subject: [SEC] [SA46732] RSA Data Protection Manager Session Termination Weakness Message-ID: <201111050219.pA52J3JP012536@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: RSA Data Protection Manager Session Termination Weakness SECUNIA ADVISORY ID: SA46732 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46732/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46732 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46732/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46732/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46732 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in RSA Data Protection Manager, which can be exploited by malicious people with physical access to bypass certain security restrictions. The weakness is caused due to an error in the logout mechanism, which fails to terminate the session and can be exploited to access the authenticated sections. Successful exploitation requires that Firefox 4 or Firefox 5 is used. The weakness is reported in version 2.7 Service Pack 1. SOLUTION: Apply Hotfix 6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-11/att-0022/ESA-2011-035.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 19:54:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 03:54:40 +0100 Subject: [SEC] [SA46734] HP OpenView Network Node Manager Apache Multiple Denial of Service Vulnerabilities Message-ID: <201111050254.pA52seke003597@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Apache Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46734 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46734/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46734 RELEASE DATE: 2011-11-04 DISCUSS ADVISORY: http://secunia.com/advisories/46734/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46734/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46734 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged multiple vulnerabilities in HP OpenView Network Node Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44574 SA45606 SA46013 The vulnerabilities are reported in version 7.53 running on HP-UX, Linux, and Solaris. SOLUTION: Apply the Apache-2.2.21 update. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: HPSBMU02704 SSRT100619: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03011498 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 20:26:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 04:26:11 +0100 Subject: [SEC] [SA46693] Serv-U Web Client Cross-Site Scripting Vulnerability Message-ID: <201111050326.pA53QBi2027371@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Serv-U Web Client Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46693 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46693/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46693 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46693/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46693/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46693 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Serv-U, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input passed to the web client is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 11.0.0.4. SOLUTION: Update to version 11.0.0.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor ORIGINAL ADVISORY: http://www.serv-u.com/releasenotes/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 20:52:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 04:52:20 +0100 Subject: [SEC] [SA46662] BestShopPro "str" Cross-Site Scripting Vulnerability Message-ID: <201111050352.pA53qKU4017964@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: BestShopPro "str" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46662 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46662/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46662 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46662/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46662/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46662 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BestShopPro, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "str" parameter in nowosci.php (when "a" is set to "1") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: CoBRa_21 ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18063/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 21:20:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 05:20:06 +0100 Subject: [SEC] [SA46663] Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201111050420.pA54K6BT008644@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46663 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46663/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46663 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46663/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46663/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46663 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mesut Timur has discovered multiple vulnerabilities in Symphony CMS, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "profile" parameter to the URL is not properly sanitised in extensions/profiledevkit/content/content.profile.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "filter" parameter to symphony/publish/images is not properly sanitised in symphony/lib/core/class.symphony.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "filter" parameter to symphony/publish/comments is not properly sanitised in symphony/content/content.publish.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Note: This vulnerability can further be exploited to conduct cross-site scripting attacks via SQL error messages. Successful exploitation of this vulnerability requires "Author" privileges. The vulnerabilities are confirmed in version 2.2.3. Prior versions may also be affected. SOLUTION: Update to version 2.2.4 or later. PROVIDED AND/OR DISCOVERED BY: Mesut Timur, Mavituna Security. ORIGINAL ADVISORY: Symphony: http://symphony-cms.com/download/releases/version/2.2.4/ https://github.com/symphonycms/symphony-2/commit/476e4926e2773588eab10dd3036f27e1411521b5 Mavituna Security (NS-11-008): http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 21:52:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 05:52:09 +0100 Subject: [SEC] [SA46655] LightDM "~/.dmrc" and "~/.Xauthority" Privilege Escalation Security Issue Message-ID: <201111050452.pA54q9d2031955@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: LightDM "~/.dmrc" and "~/.Xauthority" Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA46655 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46655/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46655 RELEASE DATE: 2011-11-03 DISCUSS ADVISORY: http://secunia.com/advisories/46655/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46655/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46655 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in LightDM, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to LightDM writing e.g. the "~/.dmrc" and "~/.Xauthority" files as root user, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in versions prior to 0.9.6. SOLUTION: Update to version 0.9.6. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Sebastian Krahmer ORIGINAL ADVISORY: http://lists.freedesktop.org/archives/lightdm/2011-September/000127.html http://www.openwall.com/lists/oss-security/2011/08/24/7 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 22:17:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 06:17:26 +0100 Subject: [SEC] [SA46160] AWStats Two Cross-Site Scripting Vulnerabilities Message-ID: <201111050517.pA55HQ2r022514@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: AWStats Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46160 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46160/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46160 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46160/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46160/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46160 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered two vulnerabilities in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "url" and "key" parameters to awredir.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in versions 6.95 and 7.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/5380/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 22:54:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 06:54:30 +0100 Subject: [SEC] [SA46132] FBC-Market Multiple Vulnerabilities Message-ID: <201111050554.pA55sU8W013673@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: FBC-Market Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46132 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46132/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46132 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46132/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46132/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46132 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in FBC-Market, which can be exploited by malicious people to conduct cross-site scripting, script insertion, and cross site request forgery attacks. 1) Input passed to the "msg" parameter in /admin/login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "md_title" and "md_description" POST parameters in controller.php is not properly sanitised before being used. This can be exploited to insert HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. 3) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. conduct script insertion attacks when a logged-in administrator visits a specially crafted web page. 4) Input passed to the "q" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities have been confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: 1-3) WiiHac, Vulnerability Research Laboratory 4) An anonymous person ORIGINAL ADVISORY: Vulnerability-Lab: http://www.vulnerability-lab.com/get_content.php?id=281 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 4 23:19:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 07:19:02 +0100 Subject: [SEC] [SA46137] Oracle Solaris Apache HTTP Server ByteRange Filter Denial of Service Vulnerability Message-ID: <201111050619.pA56J27X004164@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Apache HTTP Server ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46137 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46137/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46137 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46137/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46137/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46137 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_denial_of OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 11:39:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 19:39:16 +0100 Subject: [SEC] [SA46143] Red Hat update for JBoss Enterprise SOA Platform Message-ID: <201111051839.pA5IdGhs031057@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for JBoss Enterprise SOA Platform SECUNIA ADVISORY ID: SA46143 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46143/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46143 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46143/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46143/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46143 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information see vulnerability #1 in: SA45942 NOTE: Successful exploitation of this vulnerability requires that an application on a vulnerable platform is configured to trust a malicious source. SOLUTION: Apply update. Please see the vendor's advisory for details. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1334-01: https://rhn.redhat.com/errata/RHSA-2011-1334.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 12:38:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 20:38:41 +0100 Subject: [SEC] [SA46186] Fedora update for libsoup Message-ID: <201111051938.pA5JcfAt023360@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for libsoup SECUNIA ADVISORY ID: SA46186 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46186/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46186 RELEASE DATE: 2011-09-26 DISCUSS ADVISORY: http://secunia.com/advisories/46186/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46186/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46186 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information. For more information: SA45426 SOLUTION: Apply updated packages via the yum utility ("yum update libsoup"). ORIGINAL ADVISORY: FEDORA-2011-9820: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066219.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 13:39:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 21:39:11 +0100 Subject: [SEC] [SA46128] Red Hat update for qt Message-ID: <201111052039.pA5KdB6l015694@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for qt SECUNIA ADVISORY ID: SA46128 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46128/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46128 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46128/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46128/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46128 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for qt. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. For more information: SA41537 SA46140 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1323-01: https://rhn.redhat.com/errata/RHSA-2011-1323.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 14:38:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 22:38:12 +0100 Subject: [SEC] [SA46119] Red Hat update for evolution28-pango and frysk Message-ID: <201111052138.pA5LcCXq007956@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for evolution28-pango and frysk SECUNIA ADVISORY ID: SA46119 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46119/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46119 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46119/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46119/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46119 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for evolution28-pango and frysk. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information see vulnerability #2 in: SA41537 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1325-01: https://rhn.redhat.com/errata/RHSA-2011-1325.html RHSA-2011:1327-01: https://rhn.redhat.com/errata/RHSA-2011-1327.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 15:30:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 23:30:43 +0100 Subject: [SEC] [SA46141] WordPress WP-RecentComments Plugin "page" Cross-Site Scripting Vulnerability Message-ID: <201111052230.pA5MUhdM032296@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress WP-RecentComments Plugin "page" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46141 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46141/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46141 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46141/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46141/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46141 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the WP-RecentComments plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "page" parameter to index.php (when "action" is set to "rc-ajax") is not properly sanitised in wp-content/plugins/wp-recentcomments/core.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 2.0.7. SOLUTION: Update to version 2.0.7. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: WP-RecentComments: http://wordpress.org/extend/plugins/wp-recentcomments/changelog/ http://plugins.trac.wordpress.org/changeset/416723/wp-recentcomments/trunk/core.php?old=316325&old_path=wp-recentcomments%2Ftrunk%2Fcore.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 15:52:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 5 Nov 2011 23:52:08 +0100 Subject: [SEC] [SA46153] ldns Unknown RR Type Handling Buffer Overflow Vulnerability Message-ID: <201111052252.pA5Mq8mJ022653@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: ldns Unknown RR Type Handling Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46153 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46153/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46153 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46153/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46153/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46153 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ldns, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error in the "ldns_rr_new_frm_str_internal()" function in rr.c when handling the data of unknown RR types ("\#"). This can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted DNS Resource Records. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 1.6.10. Other versions may also be affected. SOLUTION: Update to version 1.6.11. PROVIDED AND/OR DISCOVERED BY: Reported by David Keeler in a bug report. ORIGINAL ADVISORY: http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 16:18:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 00:18:18 +0100 Subject: [SEC] [SA45987] FortiMail Two Cross-Site Scripting Vulnerabilities Message-ID: <201111052318.pA5NII3x013268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: FortiMail Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA45987 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45987/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45987 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/45987/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45987/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45987 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in FortiMail, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "name" and "password" parameters in module/admin.fe is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in FortiMail-100 and FortiMail-400 version 4,build0245,101208 (MR1 Patch 2). SOLUTION: Filter malicious characters or character sequences via a proxy. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: SSCHADV2011-011: http://www.rul3z.de/advisories/SSCHADV2011-011.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 16:52:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 00:52:14 +0100 Subject: [SEC] [SA46105] Xen DMA Requests IOMMU Denial of Service Weakness Message-ID: <201111052352.pA5NqEt1004242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Xen DMA Requests IOMMU Denial of Service Weakness SECUNIA ADVISORY ID: SA46105 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46105/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46105 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46105/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46105/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46105 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The weakness is caused due to Xen not properly restricting bogus DMA requests to PCI/PCIE devices under direct control by the virtual machine, which can be exploited to cause IOMMU faults and a high CPU load or deadlock. For more information: SA45622 SOLUTION: Fixed in the Mercurial repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://lists.xensource.com/archives/html/xen-devel/2011-08/msg00450.html http://xenbits.xen.org/hg/staging/xen-4.1-testing.hg/rev/84e3706df07a OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 17:18:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 01:18:05 +0100 Subject: [SEC] [SA46079] WordPress A. Gallery Plugin "src" Arbitrary File Upload Message-ID: <201111060018.pA60I5ip027252@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress A. Gallery Plugin "src" Arbitrary File Upload SECUNIA ADVISORY ID: SA46079 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46079/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46079 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46079/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46079/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46079 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the A. Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/a-gallery/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 0.9 revision 378511. Prior version may also be affected. SOLUTION: Update to version 0.9 revision 438727. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ A. Gallery: http://plugins.trac.wordpress.org/changeset/438727/a-gallery OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 17:54:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 01:54:07 +0100 Subject: [SEC] [SA45495] phpList Multiple Vulnerabilities Message-ID: <201111060054.pA60s7rR018356@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: phpList Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45495 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45495/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45495 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/45495/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45495/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45495 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in phpList, which can be exploited by malicious users to conduct script insertion and SQL injection attacks and by malicious people to conduct cross-site scripting and script insertion attacks. 1) Input passed via the "usercheck" parameter to admin/index.php (when "page" is set to "usercheck") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "strCharSet" parameter to admin/pagetop.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires that "register_globals" is enabled. 3) Input passed via the "description" parameter when adding or editing a subscriber list description is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will execute in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability requires permissions to manage lists. 4) Input passed via the "login" parameter to admin/index.php is not properly sanitised in admin/eventlog.php before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will execute in a user's browser session in context of an affected site when the malicious data is being viewed. 5) Input passed via the "findby" parameter to admin/index.php (when "page" is set to "users") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires permissions to manage users. The vulnerabilities are confirmed in version 2.10.14. Other versions may also be affected. SOLUTION: Update to version 2.10.17. PROVIDED AND/OR DISCOVERED BY: Secunia Research ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-63/ http://secunia.com/secunia_research/2011-64/ http://secunia.com/secunia_research/2011-65/ phpList: http://www.phplist.com/?lid=555 http://www.phplist.com/?lid=556 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 18:21:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 02:21:02 +0100 Subject: [SEC] [SA46130] NX Server / Node nxconfigure.sh Privilege Escalation Vulnerability Message-ID: <201111060121.pA61L2De008987@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: NX Server / Node nxconfigure.sh Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA46130 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46130/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46130 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46130/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46130/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46130 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NGS Secure has reported a vulnerability in NX Server and NX Node, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The vulnerability is caused due to an unspecified error within the "/usr/NX/scripts/restricted/nxconfigure.sh" script and can be exploited to execute arbitrary commands with root privileges. The vulnerability is reported in NX Node versions prior to 3.5.0-4 and NX Server versions prior to 3.5.0-5. SOLUTION: Update to NX Node version 3.5.0-4 or NX Server 3.5.0-5. PROVIDED AND/OR DISCOVERED BY: NGS Secure Research ORIGINAL ADVISORY: NoMachine: http://www.nomachine.com/tr/view.php?id=TR08I02575 NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-09/0131.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 18:54:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 02:54:17 +0100 Subject: [SEC] [SA46118] Red Hat update for pango Message-ID: <201111060154.pA61sH03032346@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for pango SECUNIA ADVISORY ID: SA46118 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46118/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46118 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46118/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46118/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46118 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for pango. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information see vulnerability #2 in: SA41537 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1326-01: https://rhn.redhat.com/errata/RHSA-2011-1326.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 19:18:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 03:18:24 +0100 Subject: [SEC] [SA46138] OneCMS "rank" SQL Injection Vulnerability Message-ID: <201111060218.pA62IObY022854@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: OneCMS "rank" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46138 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46138/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46138 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46138/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46138/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46138 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in OneCMS, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "rank" parameter to boards.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled. The vulnerability is confirmed in version 2.6.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: kurdish hackers team OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 19:54:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 03:54:49 +0100 Subject: [SEC] [SA46065] Opera Mobile for Android Insecure Cache Permissions Security Issue Message-ID: <201111060254.pA62snNh013960@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Opera Mobile for Android Insecure Cache Permissions Security Issue SECUNIA ADVISORY ID: SA46065 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46065/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46065 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46065/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46065/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46065 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Opera Mobile for Android, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to insecure permissions of the cache folder, which can be exploited to disclose or manipulate cache information and e.g. execute arbitrary JavaScript code in context of an arbitrary domain. Successful exploitation requires that a malicious application is installed. The vulnerability is reported in Opera Mobile 11.1. SOLUTION: Update to version 11.1 update 2. PROVIDED AND/OR DISCOVERED BY: Roee Hay, IBM Rational Application Security Research Group ORIGINAL ADVISORY: Opera: http://my.opera.com/operamobile/blog/2011/09/13/android-11-1-update-2-ready-for-download Roee Hay: http://blog.watchfire.com/files/advisory-opera-cp-xas.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 20:30:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 04:30:58 +0100 Subject: [SEC] [SA46103] Authenex Strong Authentication Server "username" SQL Injection Vulnerability Message-ID: <201111060330.pA63UwF0003691@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Authenex Strong Authentication Server "username" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46103 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46103/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46103 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46103/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46103/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46103 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Foreground Security has reported a vulnerability in Authenex Strong Authentication Server, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "username" parameter to akeyActivationLogin.do is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that the End User Self Service module is running. The vulnerability is reported in versions 3.1.0.2 and 3.1.0.3. Other versions may also be affected. SOLUTION: Apply patch ASAS3102Update4 or ASAS3103Update2. PROVIDED AND/OR DISCOVERED BY: Jose Carlos de Arriba, Foreground Security. ORIGINAL ADVISORY: Authenex (AUTH11-001): http://support.authenex.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=125 http://support.authenex.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=126 Foreground Security: http://foregroundsecurity.com/blog/authenex-a-key-asas-web-management-control-3102-time-based-sql-injection.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 20:51:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 04:51:04 +0100 Subject: [SEC] [SA46111] FFmpeg Multiple Vulnerabilities Message-ID: <201111060351.pA63p423026393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: FFmpeg Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46111 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46111/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46111 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46111/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46111/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46111 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to potentially compromise an application using the library. 1) An integer underflow error within the "asfrtp_parse_packet()" function (libavformat/rtpdec_asf.c) can be exploited to cause a memory corruption by sending specially crafted ASF packets over RTP. 2) A signedness error within the "decode_mb_i()" function (libavcodec/cavsdec.c) can be exploited by tricking a user into opening a specially crafted Chinese AVS (CAVS) files. This is related to vulnerability #1 in: SA45532 3) A memory allocation error within the "av_probe_input_buffer()" function (libavformat/utils.c) can be exploited to cause a memory corruption. The vulnerabilities are reported in versions prior to 0.7.4 and 0.8.3. SOLUTION: Update to version 0.7.4 or 0.8.3. PROVIDED AND/OR DISCOVERED BY: 1) Jeong Wook Oh, Microsoft Vulnerability Research (MSVR). 2) Reported by the vendor. 3) The vendor credits Tanami Ohad. ORIGINAL ADVISORY: FFmpeg: http://ffmpeg.org/releases/ffmpeg-0.7.4.changelog http://ffmpeg.org/releases/ffmpeg-0.8.3.changelog Microsoft Vulnerability Research: http://technet.microsoft.com/en-us/security/msvr/msvr11-012 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 21:17:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 05:17:34 +0100 Subject: [SEC] [SA46134] FFmpeg Multiple Vulnerabilities Message-ID: <201111060417.pA64HYKA017010@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: FFmpeg Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46134 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46134/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46134 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46134/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46134/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46134 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FFmpeg, which potentially can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to various errors related to the "svq3_get_se_golomb()" function and can be exploited by tricking a user into opening specially crafted media files. The vulnerabilities are reported in versions prior to 0.7.5 and 0.8.4. SOLUTION: Update to version 0.7.5 or 0.8.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://ffmpeg.org/releases/ffmpeg-0.7.5.changelog http://ffmpeg.org/releases/ffmpeg-0.8.4.changelog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 21:51:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 05:51:47 +0100 Subject: [SEC] [SA46046] apt "apt-key" Key Verification Security Issue Message-ID: <201111060451.pA64pln3008012@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: apt "apt-key" Key Verification Security Issue SECUNIA ADVISORY ID: SA46046 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46046/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46046 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46046/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46046/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46046 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in apt, which can be exploited by malicious people to bypass certain security features. The security issue is caused due to "net-update" command of the "apt-key" script not properly verifying downloaded keys, which can be exploited to install malicious keys via Man-in-the-Middle (MitM) attacks, potentially allowing attackers to e.g. install forged packages. Successful exploitation requires that apt is configured to support this command (e.g. URI to the keyring archive needs to be set). SOLUTION: Do not use the "net-update" command. Manually verify installed keys. PROVIDED AND/OR DISCOVERED BY: Georgi Guninski ORIGINAL ADVISORY: Georgi Guninski: http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0256.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 22:18:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 06:18:18 +0100 Subject: [SEC] [SA46057] TANDBERG C Series Endpoints Script Insertion and Denial of Service Vulnerabilities Message-ID: <201111060518.pA65IHpY031048@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: TANDBERG C Series Endpoints Script Insertion and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46057 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46057/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46057 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46057/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46057/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46057 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in TANDBERG C Series Endpoints, which can be exploited by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service). 1) Input passed as the Call ID when calling another endpoint is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed on an affected device when the malicious data is being viewed. 2) An error in the tshell application can be exploited to dereference an invalid memory address via overly long strings passed via the "location" parameter to the getXML script. The vulnerabilities are reported in version 4.1.2 and prior. SOLUTION: Update to version 4.2.0, which fixes vulnerability #2. Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: David Klein, Sense of Security. ORIGINAL ADVISORY: http://www.senseofsecurity.com.au/advisories/SOS-11-010 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 22:52:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 06:52:50 +0100 Subject: [SEC] [SA46109] TANDBERG MXP Series Endpoint Script Insertion and Denial of Service Vulnerabilities Message-ID: <201111060552.pA65qo8x022063@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: TANDBERG MXP Series Endpoint Script Insertion and Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46109 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46109/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46109 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46109/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46109/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46109 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in TANDBERG MXP Series Endpoint, which can be exploited by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service). For more information: SA46057 The vulnerabilities are reported in version F9.1 and prior. SOLUTION: Filter malicious characters and character sequences using a proxy. Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: David Klein, Sense of Security. ORIGINAL ADVISORY: http://www.senseofsecurity.com.au/advisories/SOS-11-010 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 5 23:17:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 07:17:54 +0100 Subject: [SEC] [SA46140] Qt TIFF Grayscale Image Processing Buffer Overflow Vulnerability Message-ID: <201111060617.pA66HsVV012596@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Qt TIFF Grayscale Image Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46140 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46140/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46140 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46140/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46140/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46140 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Qt, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerability is caused due to an error in the TIFF reader (src/gui/image/qtiffhandler.cpp) when processing grayscale images and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 4.7.4. Other versions may also be affected. SOLUTION: Fixed in the Git repository. PROVIDED AND/OR DISCOVERED BY: Disclosed in a Git commit. ORIGINAL ADVISORY: https://qt.gitorious.org/qt/qt/commit/cb6380beb81ab9571c547270c144988781fed465 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 10:38:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 19:38:10 +0100 Subject: [SEC] [SA46122] HP NonStop Server Samba Multiple Vulnerabilities Message-ID: <201111061838.pA6IcApj007078@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: HP NonStop Server Samba Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46122 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46122/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46122 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46122/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46122/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46122 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in HP NonStop Server, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise a vulnerable system and by malicious people to conduct cross-site scripting and request forgery attacks. 1) The application bundles a vulnerable version of Samba. For more information: SA45393 2) An unspecified error exists. No more information is currently available. Successful exploitation of this vulnerability may allow execution of arbitrary code. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply SPR T1201H01^AAC. PROVIDED AND/OR DISCOVERED BY: 2) Reported by the vendor. ORIGINAL ADVISORY: HPSBNS02701 SSRT100598: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 11:38:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 20:38:00 +0100 Subject: [SEC] [SA46155] SUSE update for flash-player Message-ID: <201111061938.pA6Jc0sE031804@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for flash-player SECUNIA ADVISORY ID: SA46155 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46155/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46155 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46155/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46155/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46155 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA46113 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1060-1: https://hermes.opensuse.org/messages/11868434 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 12:37:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 21:37:03 +0100 Subject: [SEC] [SA46101] Drupal Hostmaster (Aegir) Module Custom Body Classes Cross-Site Scripting Vulnerability Message-ID: <201111062037.pA6Kb3OG024064@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Drupal Hostmaster (Aegir) Module Custom Body Classes Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46101 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46101/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46101 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46101/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46101/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46101 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Hostmaster (Aegir) module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed via custom body classes is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.x-1.4. SOLUTION: Update to version 1.4. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits Khawer Masood and affiliated security team. ORIGINAL ADVISORY: SA-CONTRIB-2011-041: http://drupal.org/node/1286536 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 13:36:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 22:36:57 +0100 Subject: [SEC] [SA46127] NetBSD libXfont LZW Decompression Privilege Escalation Vulnerability Message-ID: <201111062136.pA6LavXZ016395@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: NetBSD libXfont LZW Decompression Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA46127 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46127/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46127 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46127/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46127/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46127 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in NetBSD, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA45544 SOLUTION: Apply patches. Please see the vendor's advisory for more information. ORIGINAL ADVISORY: http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2011-007.txt.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 14:30:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 23:30:24 +0100 Subject: [SEC] [SA46020] FortiNet FortiAnalyzer Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201111062230.pA6MUOUs008357@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: FortiNet FortiAnalyzer Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46020 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in FortiNet FortiAnalyzer, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input related to device groups is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input related to log filters is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Benjamin Kunz Mejri, Vulnerability Research Laboratory. ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=145 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 14:51:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 6 Nov 2011 23:51:18 +0100 Subject: [SEC] [SA46126] Red Hat update for JBoss Enterprise Web Server Message-ID: <201111062251.pA6MpInT031105@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for JBoss Enterprise Web Server SECUNIA ADVISORY ID: SA46126 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46126/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46126 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46126/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46126/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46126 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise Web Server. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1330-01: https://rhn.redhat.com/errata/RHSA-2011-1330.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 15:16:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 00:16:16 +0100 Subject: [SEC] [SA46125] Red Hat update for httpd and httpd22 Message-ID: <201111062316.pA6NGGcM021652@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for httpd and httpd22 SECUNIA ADVISORY ID: SA46125 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46125/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46125 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46125/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46125/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46125 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for httpd and httpd22. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1329-01: https://rhn.redhat.com/errata/RHSA-2011-1329.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 15:51:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 00:51:40 +0100 Subject: [SEC] [SA46086] Ayco Emlak Multiple SQL Injection Vulnerabilities Message-ID: <201111062351.pA6Npepm012726@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Ayco Emlak Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46086 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46086/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46086 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46086/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46086/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46086 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Ayco Emlak, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "ilanid" parameter to detay.asp and the "id" parameter to kategoriler.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "id" parameter to link.asp (when "page" is set to "referanslarimiz") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: m3rciL3Ss OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 16:17:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 01:17:31 +0100 Subject: [SEC] [SA46117] Red Hat update for qt4 Message-ID: <201111070017.pA70HVZa003297@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for qt4 SECUNIA ADVISORY ID: SA46117 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46117/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46117 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46117/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46117/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46117 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for qt4. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise an application using the library. For more information: SA24727 SA41537 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1324-01: https://rhn.redhat.com/errata/RHSA-2011-1324.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 16:52:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 01:52:41 +0100 Subject: [SEC] [SA46113] Adobe Flash Player Multiple Vulnerabilities Message-ID: <201111070052.pA70qf0A026770@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46113 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46113/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46113 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46113/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46113/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46113 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOTE: This vulnerability is reportedly being actively exploited in targeted attacks. 2) An error within the ActionScript Virtual Machine 2 (AVM2) when handling a certain function parameters can be exploited to cause a stack-based buffer overflow. 3) An error within the ActionScript Virtual Machine (AVM) can be exploited to cause a stack-based buffer overflow. 4) A logic error can be exploited to corrupt memory. 5) An unspecified error can be exploited to bypass the security control and e.g. disclose certain sensitive information. 6) A logic error when streaming certain media can be exploited to corrupt memory. The vulnerabilities are reported in the following products: * Adobe Flash Player versions 10.3.183.7 and prior for Windows, Macintosh, Linux, and Solaris. * Adobe Flash Player versions 10.3.186.6 and prior for Android. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Reported as a 0-day. The vendor additionally credits Google. 2) Bing Liu, Fortinet's FortiGuard Labs. The vendor credits: 3) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences. 4) Huzaifa Sidhpurwala, Red Hat Security Response Team. 5) Neil Bergman, Cigital. 6) Zrong, zengrong.net. ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/bulletins/apsb11-26.html FortiGuard Labs: http://www.fortiguard.com/advisory/FGA-2011-32.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 17:18:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 02:18:57 +0100 Subject: [SEC] [SA46110] Fujitsu Interstage Products Apache Multiple Vulnerabilities Message-ID: <201111070118.pA71Ivfv017393@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products Apache Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46110 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46110/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46110 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46110/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46110/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46110 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fujitsu has acknowledged multiple vulnerabilities in Interstage Application Server and Interstage Studio, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA38852 Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply patch. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201103e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 17:51:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 02:51:26 +0100 Subject: [SEC] [SA46114] Drupal Views Bulk Operations Module Vocabulary Help Script Insertion Vulnerability Message-ID: <201111070151.pA71pQDc008296@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Drupal Views Bulk Operations Module Vocabulary Help Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46114 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46114/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46114 RELEASE DATE: 2011-09-22 DISCUSS ADVISORY: http://secunia.com/advisories/46114/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46114/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46114 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Views Bulk Operations module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input related to the modification of taxonomy via the "Modify node taxonomy terms" action and user tagging enabled vocabulary is not properly sanitised before being displayed to the user as vocabulary help. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation of this vulnerability normally requires "administer taxonomy" permissions. The vulnerability is reported in versions prior to 6.x-1.11. SOLUTION: Update to version 6.x-1.11. PROVIDED AND/OR DISCOVERED BY: The vendor credits Jim Berry. ORIGINAL ADVISORY: SA-CONTRIB-2011-042: http://drupal.org/node/1286844 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 18:37:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 03:37:29 +0100 Subject: [SEC] [SA46098] WordPress Rekt Slideshow Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201111070237.pA72bTF8021066@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Rekt Slideshow Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46098 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46098/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46098 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46098/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46098/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46098 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Rekt Slideshow plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/rekt-slideshow/picsize.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files via specially crafted Base64 encoded URLs. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.0.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 18:37:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 03:37:42 +0100 Subject: [SEC] [SA46148] libpng "png_handle_cHRM()" Division By Zero Denial of Service Vulnerability Message-ID: <201111070237.pA72bg4r021293@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: libpng "png_handle_cHRM()" Division By Zero Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46148 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46148/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46148 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46148/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46148/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46148 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a division by zero within the "png_handle_cHRM()" function (libpng/pngrutil.c) when processing certain cHRM chunks and can be exploited to cause a crash via specially crafted PNG files. The vulnerability is reported in version 1.5.4. Prior versions are not affected. SOLUTION: Update to version 1.5.5. PROVIDED AND/OR DISCOVERED BY: Reported in a libpng bug by the Qt Commercial Support. ORIGINAL ADVISORY: http://libpng.sourceforge.net/index.html http://sourceforge.net/mailarchive/forum.php?thread_name=CA%2BPdXcsjL1-eqPPSN2m5TvjWsZfUHLaUd1AjnP95PkDE12X4aQ%40mail.gmail.com&forum_name=png-mng-announce http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 19:19:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 04:19:02 +0100 Subject: [SEC] [SA46092] WordPress VK Gallery Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201111070319.pA73J2w9013308@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress VK Gallery Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46092 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46092/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46092 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46092/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46092/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46092 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the VK Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/vk-gallery/lib/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 19:51:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 04:51:34 +0100 Subject: [SEC] [SA46028] WordPress Kino Gallery TimThumb Arbitrary File Upload Vulnerability Message-ID: <201111070351.pA73pYm4005513@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Kino Gallery TimThumb Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46028 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46028/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46028 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46028/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46028/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46028 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Kino Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 The vulnerability is reported in version 1.0. Prior versions may also be affected. SOLUTION: Update to version 1.1 (revision 438967) or later. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ Kino Gallery: http://wordpress.org/extend/plugins/kino-gallery/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=438967%40kino-gallery&old=422567%40kino-gallery OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 20:16:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 05:16:31 +0100 Subject: [SEC] [SA46066] WordPress Category Grid View Gallery Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201111070416.pA74GVJt028479@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Category Grid View Gallery Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46066 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46066/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46066 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46066/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46066/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46066 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Category Grid View Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/category-grid-view-gallery/includes/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 0.1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 20:50:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 05:50:54 +0100 Subject: [SEC] [SA46085] WordPress Cms Pack Plugin TimThumb Arbitrary File Upload Vulnerability Message-ID: <201111070450.pA74osws019500@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Cms Pack Plugin TimThumb Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46085 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46085/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46085 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46085/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46085/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46085 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Cms Pack plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 The vulnerability is reported in version 1.3. Prior versions may also be affected. SOLUTION: Update to version 1.4 PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ Cms Pack: http://wordpress.org/extend/plugins/cms-pack/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=439015%40cms-pack&old=392679%40cms-pack OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 21:16:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 06:16:07 +0100 Subject: [SEC] [SA46149] Ubuntu update for apt Message-ID: <201111070516.pA75G7ni010049@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Ubuntu update for apt SECUNIA ADVISORY ID: SA46149 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46149/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46149 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46149/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46149/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46149 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to bypass certain security features. For more information: SA46046 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1215-1: http://www.ubuntu.com/usn/usn-1215-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 21:50:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 06:50:24 +0100 Subject: [SEC] [SA46071] WordPress Verve Meta Boxes Plugin TimThumb Arbitrary File Upload Vulnerability Message-ID: <201111070550.pA75oOME001007@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Verve Meta Boxes Plugin TimThumb Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46071 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46071/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46071 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46071/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46071/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46071 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Verve Meta Boxes plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.2.8. Prior versions may also be affected. SOLUTION: Update to version 1.2.9. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ Verve Meta Boxes: http://wordpress.org/extend/plugins/verve-meta-boxes/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=440885%40verve-meta-boxes&old=408945%40verve-meta-boxes OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 6 22:16:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 07:16:05 +0100 Subject: [SEC] [SA46071] WordPress Verve Meta Boxes Plugin TimThumb Arbitrary File Upload Vulnerability Message-ID: <201111070616.pA76G5uW024054@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Verve Meta Boxes Plugin TimThumb Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46071 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46071/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46071 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46071/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46071/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46071 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Verve Meta Boxes plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.2.8. Prior versions may also be affected. SOLUTION: Update to version 1.2.9. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ Verve Meta Boxes: http://wordpress.org/extend/plugins/verve-meta-boxes/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=440885%40verve-meta-boxes&old=408945%40verve-meta-boxes OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 10:37:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 19:37:31 +0100 Subject: [SEC] [SA46715] CmyDocument Content Management Multiple Vulnerabilities Message-ID: <201111071837.pA7IbVeU018581@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: CmyDocument Content Management Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46715 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46715/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46715 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46715/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46715/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46715 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in CmyDocument, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed to the "username" parameter in login.asp and login2.asp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "x_Revised" parameter in myDoclist.asp and myWebDoclist.asp is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Note: This can further be exploited to conduct cross-site scripting attacks through SQL error messages. The vulnerabilities are confirmed in CmyDocument (2010-01-10). Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: demonalex ORIGINAL ADVISORY: http://packetstormsecurity.org/files/106556/cmydocument-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 11:36:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 20:36:34 +0100 Subject: [SEC] [SA46689] Yubico PAM Module NULL Password Authentication Bypass Vulnerability Message-ID: <201111071936.pA7JaY5S010851@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Yubico PAM Module NULL Password Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA46689 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46689/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46689 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46689/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46689/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46689 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Yubico PAM Module, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused due to an error within the "pam_sm_authenticate()" function in pam_yubico.c, which can be exploited to bypass the authentication mechanism by providing a NULL password. Successful exploitation may require that the module is configured as "sufficient" in the PAM configuration and the "use_first_pass" option is not used. The vulnerability is reported in versions prior to versions 2.4 through 2.7. SOLUTION: Update to version 2.8. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nanakos Chrysostomos. ORIGINAL ADVISORY: http://groups.google.com/group/yubico-devel/browse_thread/thread/3f179ec0e6845deb OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 12:36:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 21:36:55 +0100 Subject: [SEC] [SA46784] Perl Parallel-ForkManager Module Insecure Temporary Files Security Issue Message-ID: <201111072036.pA7Katbw003176@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Perl Parallel-ForkManager Module Insecure Temporary Files Security Issue SECUNIA ADVISORY ID: SA46784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46784 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in the Parallel-ForkManager module for Perl, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application using temporary files in an insecure manner, which can be exploited to e.g. overwrite arbitrary files via symlink attacks. The security issue is reported in version 0.7.9. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by John Lightsey in a bug report. ORIGINAL ADVISORY: https://rt.cpan.org/Public/Bug/Display.html?id=68298 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 13:38:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 22:38:07 +0100 Subject: [SEC] [SA46705] Fujitsu Interstage HTTP Server ByteRange Filter Denial of Service Vulnerability Message-ID: <201111072138.pA7Lc7jb027973@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fujitsu Interstage HTTP Server ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46705 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46705/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46705 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46705/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46705/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46705 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fujitsu has acknowledged a vulnerability in Interstage HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 Please see the vendor's advisory for the list of affected products. SOLUTION: Apply workaround (please see the vendor's advisory for more information). ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201102e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 14:34:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 7 Nov 2011 23:34:26 +0100 Subject: [SEC] [SA46718] IBM Rational Asset Manager Cross-Site Scripting and Security Bypass Vulnerabilities Message-ID: <201111072234.pA7MYQCS020106@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: IBM Rational Asset Manager Cross-Site Scripting and Security Bypass Vulnerabilities SECUNIA ADVISORY ID: SA46718 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46718/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46718 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46718/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46718/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46718 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in IBM Rational Asset Manager, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error in the handling of access controls when changing preferences can be exploited to modify the preferences of another user. The vulnerabilities are reported in version 7.5. SOLUTION: Apply APARs PM38335 and PM38467 or update to version 7.5.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg1PM38467 http://www.ibm.com/support/docview.wss?uid=swg1PM38335 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 15:05:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 00:05:42 +0100 Subject: [SEC] [SA46688] HP Data Protector Media Operations Directory Traversal and Buffer Overflow Vulnerabilities Message-ID: <201111072305.pA7N5gcd010947@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: HP Data Protector Media Operations Directory Traversal and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46688 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46688/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46688 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46688/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46688/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46688 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in HP Data Protector Media Operations, which can be exploited by malicious people to disclose potentially sensitive information and compromise a vulnerable system. 1) An error in DBServer.exe when processing certain packets can be exploited to download arbitrary files via a specially crafted packet containing directory traversal specifiers sent to TCP port 19813. 2) A signedness error in DBServer.exe when copying data from certain packets can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 19813. Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are confirmed in version A.06.20. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/hpdpmedia_1-adv.txt http://aluigi.altervista.org/adv/hpdpmedia_2-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 15:32:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 00:32:11 +0100 Subject: [SEC] [SA46691] D-Link DIR-300 Router Management Vulnerability Message-ID: <201111072332.pA7NWBRS001506@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: D-Link DIR-300 Router Management Vulnerability SECUNIA ADVISORY ID: SA46691 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46691/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46691 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46691/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46691/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46691 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in D-Link DIR-300, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to e.g. read arbitrary files and execute arbitrary code. No further information is currently available. The vulnerability is reported in versions prior to 2.06 build b9fe. SOLUTION: Update to version 2.06 build b9fe. PROVIDED AND/OR DISCOVERED BY: Sergey Scherbel, Positive Research Center. ORIGINAL ADVISORY: http://en.securitylab.ru/lab/PT-2011-29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 16:03:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 01:03:51 +0100 Subject: [SEC] [SA46759] Debian update for xen Message-ID: <201111080003.pA803pXP024870@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for xen SECUNIA ADVISORY ID: SA46759 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46759/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46759 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46759/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46759/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46759 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service) and by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA43802 SA44502 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2337-1: http://www.debian.org/security/2011/dsa-2337 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 16:31:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 01:31:54 +0100 Subject: [SEC] [SA46760] Debian update for man2html Message-ID: <201111080031.pA80VsjF015555@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for man2html SECUNIA ADVISORY ID: SA46760 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46760/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46760 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46760/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46760/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46760 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for man2html. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised by the CGI wrapper before being returned to the user in error messages. This can be exploited to execute arbitrary HTML and script code in a user's browser. SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2335-1: http://www.debian.org/security/2011/dsa-2335 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 17:07:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 02:07:08 +0100 Subject: [SEC] [SA46764] Oracle Hyperion Strategic Finance Formula One ActiveX Control "SetDevNames()" Buffer Overflow Message-ID: <201111080107.pA8178vL006597@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Oracle Hyperion Strategic Finance Formula One ActiveX Control "SetDevNames()" Buffer Overflow SECUNIA ADVISORY ID: SA46764 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46764/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46764 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46764/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46764/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46764 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has discovered a vulnerability in Oracle Hyperion Strategic Finance, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "SetDevNames()" method of the Formula One ActiveX control (TTF16.ocx). This can be exploited to cause a heap-based buffer overflow via an overly long string passed e.g. in the "DriverName" parameter. Successful exploitation may allow execution of arbitrary code. The vulnerability is confirmed in version 11.1.2.1.0 (TTF16.ocx version 6.3.5.1). SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Andrea Micalizzi aka rgod. ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_ttf16.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 17:31:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 02:31:50 +0100 Subject: [SEC] [SA46768] vBulletin Publishing Suite "section.php" Unspecified Vulnerability Message-ID: <201111080131.pA81Vo2S029543@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: vBulletin Publishing Suite "section.php" Unspecified Vulnerability SECUNIA ADVISORY ID: SA46768 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46768/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46768 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46768/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46768/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46768 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in vBulletin Publishing Suite. The vulnerability is caused due to an unspecified error in the CMS functionality within packages/vbcms/dm/section.php. No further information is currently available. The vulnerability is reported in versions 4.x. SOLUTION: Apply patch (please see vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.vbulletin.com/forum/showthread.php/390631 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 18:03:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 03:03:46 +0100 Subject: [SEC] [SA46742] IBM AIX OpenSSL Multiple Vulnerabilities Message-ID: <201111080203.pA823kPN020444@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: IBM AIX OpenSSL Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46742 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46742/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46742 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46742/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46742/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46742 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged multiple vulnerabilities in OpenSSL included in AIX, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise an application using the library. For more information: SA42243 SA42473 SA45265 SOLUTION: Apply fixes (please see the vendor's advisory for details). ORIGINAL ADVISORY: http://aix.software.ibm.com/aix/efixes/security/openssl_advisory2.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 18:33:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 03:33:59 +0100 Subject: [SEC] [SA46660] Joomla! JEEMA SMS Component Cross-Site Request Forgery and SQL Injection Vulnerabilities Message-ID: <201111080233.pA82XxCY011223@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Joomla! JEEMA SMS Component Cross-Site Request Forgery and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46660 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46660/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46660 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46660/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46660/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46660 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the JEEMA SMS component for Joomla!, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site request forgery attacks. 1) Input passed via the "filter_subsearch" parameter to index.php (when "option" is set to "com_jeemasms" and "view" is set to "book", "group", "history", "sender", "keyword", "smstemplate", "csvsms", "invoice", "smsschedule", or "senderrequest") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "groupid" parameter to index.php (when "option" is set to "com_jeemasms" and "view" and "task" is set to "groupsubscribe") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. transfer other users credits if a logged-in user visits a malicious web site. The vulnerabilities are reported in version 3.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Do not browse untrusted sites or follow untrusted links while being logged-in to the application. PROVIDED AND/OR DISCOVERED BY: Chris Russell ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18047/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 19:19:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 04:19:59 +0100 Subject: [SEC] [SA46782] Fedora update for kernel Message-ID: <201111080319.pA83Jxi1003167@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA46782 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46782/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46782 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46782/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46782/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46782 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges. For more information: SA43522 SA46584 SA46591 SOLUTION: Apply updated packages via the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2011-15241: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068760.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 19:55:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 04:55:40 +0100 Subject: [SEC] [SA46719] Mahara Multiple Vulnerabilities Message-ID: <201111080355.pA83ted8026768@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Mahara Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46719 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46719/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46719 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46719/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46719/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46719 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mahara, which can be exploited by malicious users to disclose potentially sensitive information, conduct script insertion attacks, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site request forgery attacks. 1) Certain input related to the external feed block is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) The application processes overly large image dimensions being passed to the image resizing functionality improperly. This can be exploited to cause a DoS. 3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. adding users to an institution if a logged-in administrator visits a malicious web site. 4) An error in the "Reply to message" functionality can be exploited to read other users messages by modifying the "replyto" parameter. The vulnerabilities are reported in versions prior to 1.4.1. SOLUTION: Update to version 1.4.1 PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1, 4) Teemu Vesala. 2, 3) Richard Mansfield. ORIGINAL ADVISORY: https://launchpad.net/mahara/+milestone/1.4.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 20:19:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 05:19:19 +0100 Subject: [SEC] [SA46754] SmartJobBoard "keywords[exact_phrase]" Cross-Site Scripting Vulnerability Message-ID: <201111080419.pA84JJCn017253@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SmartJobBoard "keywords[exact_phrase]" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46754 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46754/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46754 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46754/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46754/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46754 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mr.PaPaRoSSe has reported a vulnerability in SmartJobBoard, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "keywords[exact_phrase]" parameter to search-results-resumes/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 3.4. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Mr.PaPaRoSSe ORIGINAL ADVISORY: http://paparosse.blogspot.com/2011/11/smartjobboard-cross-site-scripting.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 20:51:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 05:51:26 +0100 Subject: [SEC] [SA46736] FFmpeg Multiple Vulnerabilities Message-ID: <201111080451.pA84pQEs008128@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: FFmpeg Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46736 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46736/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46736 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46736/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46736/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46736 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerabilities are caused due to various errors and can be exploited to e.g. cause out-of-bounds reads and writes, double-frees, and buffer overflows via e.g. specially crafted media content. The vulnerabilities are reported in versions prior to 0.7.7 and 0.8.6. SOLUTION: Update to versions 0.7.7 and 0.8.6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://ffmpeg.org/#pr7dot7and8dot6 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 21:15:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 06:15:31 +0100 Subject: [SEC] [SA46765] UBB.threads Arbitrary File Upload Vulnerability Message-ID: <201111080515.pA85FVBb031055@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: UBB.threads Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46765 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46765/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46765 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46765/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46765/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46765 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in UBB.threads, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the application improperly validating uploaded files and can be exploited to upload arbitrary files inside the webroot. The vulnerability is reported in versions 7.3 and later. SOLUTION: Apply patch p2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ubbcentral.com/forums/ubbthreads.php/topics/245827/IMPORTANT_UBB_THREADS_SECURITY#Post245827 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 21:51:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 06:51:20 +0100 Subject: [SEC] [SA46728] Gentoo update for sun-jre-bin, emul-linux-x86-java, and sun-jdk Message-ID: <201111080551.pA85pKIv022128@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Gentoo update for sun-jre-bin, emul-linux-x86-java, and sun-jdk SECUNIA ADVISORY ID: SA46728 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46728/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46728 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46728/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46728/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46728 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for sun-jre-bin, emul-linux-x86-java, and sun-jdk. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, by malicious users to disclose certain information, and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, hijack a user's session, manipulate certain data, conduct DNS cache poisoning attacks, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA41791 SA43262 SA44784 SA46512 SOLUTION: Update to "dev-java/sun-jre-bin-1.6.0.29" or later, "app-emulation/emul-linux-x86-java-1.6.0.29" or later, or "dev-java/sun-jdk-1.6.0.29" or later. ORIGINAL ADVISORY: GLSA 201111-02: http://www.gentoo.org/security/en/glsa/glsa-201111-02.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 7 22:20:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 07:20:39 +0100 Subject: [SEC] [SA46643] Barracuda Link Balancer "zoneid" and "scope" Cross-Site Scripting Vulnerabilities Message-ID: <201111080620.pA86Kd3k012899@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Barracuda Link Balancer "zoneid" and "scope" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46643 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46643/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46643 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46643/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46643/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46643 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Barracuda Link Balancer, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed via the "zoneid" and "scope" parameters related to the "Authoritative DNS - DNS Zones" module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in Barracuda Link Balancer 330 firmware versions v1.3.2.005 and earlier. SOLUTION: Reportedly, the vendor has issued a fix. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Benjamin Kunz Mejri (Rem0ve), Vulnerability Research Laboratory ORIGINAL ADVISORY: Vulnerability Research Laboratory: http://www.vulnerability-lab.com/get_content.php?id=33 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 10:37:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 19:37:24 +0100 Subject: [SEC] [SA46737] Red Hat update for acroread Message-ID: <201111081837.pA8IbOgl007194@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for acroread SECUNIA ADVISORY ID: SA46737 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46737/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46737 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46737/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46737/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46737 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. For more information: SA45978 SA46113 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1434-01: https://rhn.redhat.com/errata/RHSA-2011-1434.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 11:36:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 20:36:33 +0100 Subject: [SEC] [SA46751] Microsoft Windows TrueType Font Parsing Denial of Service Message-ID: <201111081936.pA8JaXSI031870@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Microsoft Windows TrueType Font Parsing Denial of Service SECUNIA ADVISORY ID: SA46751 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46751/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46751 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46751/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46751/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46751 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an array-indexing error in Win32k.sys when parsing TrueType font files and can be exploited by e.g. tricking a user into navigating to a WebDAV or network share containing a specially crafted TrueType font file. Successful exploitation causes the system to stop responding or restart. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Will Dorman, CERT/CC. ORIGINAL ADVISORY: MS11-084 (KB2617657): http://technet.microsoft.com/en-us/security/bulletin/ms11-084 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 12:57:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 21:57:02 +0100 Subject: [SEC] [SA46752] Windows Mail / Windows Meeting Space Insecure Library Loading Vulnerability Message-ID: <201111082057.pA8Kv2jG014049@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Windows Mail / Windows Meeting Space Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA46752 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46752/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46752 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46752/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46752/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46752 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to Windows Mail and Windows Meeting Space loading certain libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening an EML or WCINV file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. NOTE: While the vulnerable code exists on Windows 7 and Windows Server 2008 R2, no valid attack vectors are currently known. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Ivan Sanchez, EvilCode. ORIGINAL ADVISORY: MS11-085 (KB2620704): http://technet.microsoft.com/en-us/security/bulletin/ms11-085 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 12:57:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 21:57:06 +0100 Subject: [SEC] [SA46745] SUSE update for kernel Message-ID: <201111082057.pA8Kv6VM014115@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA46745 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46745/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46745 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46745/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46745/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46745 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to cause a DoS. For more information: SA45489 SA45533 SA45695 SA45936 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1222-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00007.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 13:35:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 22:35:09 +0100 Subject: [SEC] [SA46755] Microsoft Windows Active Directory LDAPS Authentication Bypass Message-ID: <201111082135.pA8LZ90F005698@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Active Directory LDAPS Authentication Bypass SECUNIA ADVISORY ID: SA46755 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46755/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46755 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46755/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46755/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46755 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in Active Directory when configured to use LDAP over SSL (not default setting) as it fails to validate the revocation status of an SSL certificate against the CRL (Certificate Revocation List) associated with the domain account. This can be exploited to authenticate to the Active Directory domain using a revoked certificate. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Xavier Lassoie and S?bastien Godard, Autos?curit?. ORIGINAL ADVISORY: MS11-086 (KB2601626, KB2616310, KB2630837): http://technet.microsoft.com/en-us/security/bulletin/ms11-086 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 14:30:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 8 Nov 2011 23:30:37 +0100 Subject: [SEC] [SA46731] Microsoft Windows TCP/IP Reference Counter Overflow Vulnerability Message-ID: <201111082230.pA8MUbqs030220@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Microsoft Windows TCP/IP Reference Counter Overflow Vulnerability SECUNIA ADVISORY ID: SA46731 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46731/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46731 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46731/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46731/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46731 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow error in the TCP/IP implementation when parsing UDP traffic and can be exploited via a continuous flow of specially crafted UDP datagrams sent to a closed port. Successful exploitation may allow execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MS11-083 (KB2588516): http://technet.microsoft.com/en-us/security/bulletin/ms11-083 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 15:14:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 00:14:58 +0100 Subject: [SEC] [SA46694] Hitachi Cosminexus Products Java Multiple Vulnerabilities Message-ID: <201111082314.pA8NEwvi010639@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hitachi Cosminexus Products Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46694 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46694/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46694/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46694/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46694 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged multiple vulnerabilities in Hitachi Cosminexus products, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Cosminexus Developer's Kit for Java. For more information: SA46512 Please see the vendor's advisory for a list of affected products. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS11-024/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 15:14:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 00:14:54 +0100 Subject: [SEC] [SA46659] ZTE ZXDSL 831 II Modem Cross-Site Request Forgery and Information Disclosure Vulnerabilities Message-ID: <201111082314.pA8NEsEA010523@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: ZTE ZXDSL 831 II Modem Cross-Site Request Forgery and Information Disclosure Vulnerabilities SECUNIA ADVISORY ID: SA46659 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46659/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46659 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46659/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46659/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46659 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the ZTE ZXDSL 831 II modem, which can be exploited by malicious people to conduct cross-site request forgery attacks and to disclose sensitive information. 1) The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's password by tricking a logged in administrator into visiting a malicious web site. 2) The vulnerability is caused due to the application displaying authentication credentials in the accessaccount.cgi script, which can be exploited to disclose the authentication credentials. The vulnerabilities are reported in version 7.5.0a_Z29_OV. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Mehdi Boukazoula and Ibrahim Debeche. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 15:56:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 00:56:30 +0100 Subject: [SEC] [SA46746] Iwate Portal Bar RSS/Atom Feed Reader Script Insertion Vulnerability Message-ID: <201111082356.pA8NuUvX002354@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Iwate Portal Bar RSS/Atom Feed Reader Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46746 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46746/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46746 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46746/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46746/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46746 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Iwate Portal Bar, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed to the RSS/Atom Feed Reader via a feed is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious feed is being viewed. SOLUTION: The vendor recommends to uninstall the product. PROVIDED AND/OR DISCOVERED BY: JVN credits Daiki Fukumori, Cyber Defense Institute. ORIGINAL ADVISORY: http://jvn.jp/en/jp/JVN33861625/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000098.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 16:18:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 01:18:17 +0100 Subject: [SEC] [SA46707] Apple Mac OS X Mail MIME Attachments Denial of Service Weakness Message-ID: <201111090018.pA90IHFD025179@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X Mail MIME Attachments Denial of Service Weakness SECUNIA ADVISORY ID: SA46707 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46707/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46707 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46707/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46707/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46707 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in Apple Mac OS X, which can be exploited by malicious people to cause a DoS (Denial of Service). The weakness is caused due to an error in the Mail application when processing certain emails, which can be exploited to crash the application via emails containing a large amount of MIME attachments. The weakness is confirmed in version 5.1 (1251/1251.1) on Mac OS X 10.7.2. SOLUTION: Use another email client to delete malicious emails. PROVIDED AND/OR DISCOVERED BY: shebang42 ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-10/0215.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 16:50:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 01:50:20 +0100 Subject: [SEC] [SA46749] zenphoto Ajax File Manager Code Injection Vulnerability Message-ID: <201111090050.pA90oKk6016105@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: zenphoto Ajax File Manager Code Injection Vulnerability SECUNIA ADVISORY ID: SA46749 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46749/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46749 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46749/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46749/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46749 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in zenphoto, which can be exploited by malicious people to compromise a vulnerable system. Input passed via arbitrary POST parameters to zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php is not properly sanitised before being used. This can be exploited to execute arbitrary PHP code. The vulnerability is confirmed in version 1.4.1.4. Prior versions may also be affected. SOLUTION: Update to version 1.4.1.5 or later. PROVIDED AND/OR DISCOVERED BY: EgiX ORIGINAL ADVISORY: zenphoto: http://www.zenphoto.org/trac/ticket/2005 EgiX: http://www.exploit-db.com/exploits/18083/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 17:19:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 02:19:49 +0100 Subject: [SEC] [SA46727] Debian update for moodle Message-ID: <201111090119.pA91JnmU006861@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for moodle SECUNIA ADVISORY ID: SA46727 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46727/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46727 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46727/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46727/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46727 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks. For more information: SA46427 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2338-1: http://www.debian.org/security/2011/dsa-2338 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 17:51:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 02:51:54 +0100 Subject: [SEC] [SA46767] Debian update for ffmpeg Message-ID: <201111090151.pA91psqk030175@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for ffmpeg SECUNIA ADVISORY ID: SA46767 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46767/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46767 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46767/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46767/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46767 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for ffmpeg. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA45532 SA46111 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2336-1: http://www.debian.org/security/2011/dsa-2336 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 18:15:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 03:15:02 +0100 Subject: [SEC] [SA46726] Debian update for nss Message-ID: <201111090215.pA92F29G020620@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for nss SECUNIA ADVISORY ID: SA46726 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46726/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46726 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46726/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46726/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46726 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for nss. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information: SA46557 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2339-1: http://www.debian.org/security/2011/dsa-2339 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 18:50:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 03:50:55 +0100 Subject: [SEC] [SA46777] HP Integrated Lights-Out OpenSSL Security Bypass and Data Manipulation Vulnerabilities Message-ID: <201111090250.pA92othE011707@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: HP Integrated Lights-Out OpenSSL Security Bypass and Data Manipulation Vulnerabilities SECUNIA ADVISORY ID: SA46777 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46777/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46777 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46777/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46777/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46777 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged multiple vulnerabilities in HP Integrated Lights-Out, which can be exploited by malicious people to bypass certain security restrictions and manipulate certain data. For more information: SA37291 SA42473 The vulnerabilities are reported in HP Integrated Lights-Out 2 (iLO2) version 2.05 and prior and HP Integrated Lights-Out 3 (iLO3) version 1.16 and prior. SOLUTION: Update to version 1.20 or 2.06. ORIGINAL ADVISORY: HPSBHF02706 SSRT100613: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03024266 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 19:32:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 04:32:50 +0100 Subject: [SEC] [SA46722] Barracuda Message Archiver 650 Script Insertion Vulnerabilities Message-ID: <201111090332.pA93WovC003844@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Barracuda Message Archiver 650 Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46722 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46722/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46722 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46722/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46722/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46722 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Barracuda Message Archiver 650, which can be exploited by malicious users to conduct script insertion attacks. Certain input related to the backup test within the configuration backup module is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 2.2.1.001. SOLUTION: Update to version 2.2.1.001. PROVIDED AND/OR DISCOVERED BY: Anonymous via Vulnerability Research Laboratory. ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=34 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 20:03:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 05:03:55 +0100 Subject: [SEC] [SA46690] OpenVZ update for kernel Message-ID: <201111090403.pA943tDL027129@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA46690 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46690/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46690 RELEASE DATE: 2011-11-08 DISCUSS ADVISORY: http://secunia.com/advisories/46690/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46690/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46690 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has issued an update for the kernel. This fixes a weakness and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive and certain system information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS. For more information: SA46304 SOLUTION: Update kernel branch RHEL6 to version 042stab039.10. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/rhel6/042stab039.10 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 20:30:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 05:30:42 +0100 Subject: [SEC] [SA46775] Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability Message-ID: <201111090430.pA94Ugkr017751@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Advantech OPC Server ADAM ActiveX Control Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46775 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46775 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46775/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46775/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46775 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Advantech OPC Server, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the ADAM ActiveX control and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following components: * Advantech ADAM OPC Server versions prior to V3.01.012. * Advantech Modbus RTU OPC Server versions prior to V3.01.010. * Advantech Modbus TCP OPC Server versions prior to V3.01.010. SOLUTION: Reportedly a patch has been released. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Security Research and Service Institute Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 20:51:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 05:51:03 +0100 Subject: [SEC] [SA46776] Oracle Solaris Apache Tomcat Multiple Vulnerabilities Message-ID: <201111090451.pA94p3nV008041@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Apache Tomcat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46776 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46776/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46776 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46776/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46776/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46776 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in Apache Tomcat included in Solaris, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and cause a DoS (Denial of Service). For more information: SA42337 SA43194 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_tomcat OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 21:15:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 06:15:45 +0100 Subject: [SEC] [SA46717] Fedora update for clamav Message-ID: <201111090515.pA95FjXh030994@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Fedora update for clamav SECUNIA ADVISORY ID: SA46717 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46717/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46717 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46717/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46717/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46717 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for clamav. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA45382 SA46455 SOLUTION: Apply updated packages via the yum utility ("yum update clamav"). ORIGINAL ADVISORY: FEDORA-2011-15076: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068940.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 21:51:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 06:51:21 +0100 Subject: [SEC] [SA46729] Debian update for mahara Message-ID: <201111090551.pA95pLb3022070@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for mahara SECUNIA ADVISORY ID: SA46729 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46729/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46729 RELEASE DATE: 2011-11-07 DISCUSS ADVISORY: http://secunia.com/advisories/46729/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46729/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46729 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mahara. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and cause a DoS (Denial of Service) and by malicious people to conduct cross-site request forgery attacks. For more information: SA46719 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2334-1: http://www.debian.org/security/2011/dsa-2334 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 8 22:19:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 07:19:44 +0100 Subject: [SEC] [SA45795] WordPress Extend WordPress Free Version Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201111090619.pA96Jird012788@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress Extend WordPress Free Version Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45795 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45795/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45795 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/45795/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45795/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45795 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Extend WordPress Free Version plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/extend-wordpress/helpers/timthumb/image.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 2.1.01. Prior versions may also be affected. SOLUTION: Update to version 2.1.02. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ Extend WordPress: http://plugins.trac.wordpress.org/changeset/440701/extend-wordpress OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 10:37:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 19:37:52 +0100 Subject: [SEC] [SA46762] LabWiki Multiple Vulnerabilities Message-ID: <201111091837.pA9IbqXZ007135@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: LabWiki Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46762 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46762/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46762 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46762/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46762/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46762 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: muuratsalo has discovered multiple vulnerabilities in LabWiki, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) Input passed to the "from" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "page_no" parameter in recentchanges.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "userfile" POST parameter in edit.php is not properly verified before being used to upload files. This can be exploited to e.g. upload arbitrary PHP files with e.g. a ".gif" extension. The vulnerabilities are confirmed in version 1.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: muuratsalo ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/current/0112.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 11:41:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 20:41:22 +0100 Subject: [SEC] [SA46794] eEye Retina Audit ID 2499 Privilege Escalation Weakness Message-ID: <201111091941.pA9JfMbv032040@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: eEye Retina Audit ID 2499 Privilege Escalation Weakness SECUNIA ADVISORY ID: SA46794 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46794/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46794 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46794/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46794/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46794 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in eEye Retina, which can be exploited by malicious, local users to gain escalated privileges. The weakness is caused due to the Audit ID 2499 ("Gauntlet Firewall For UNIX Buffer Overflow") executing a certain file in the "/usr/local" folder, which can be exploited to execute arbitrary code with the privileges of the Retina scanner by placing a malicious file within the "/usr/local" folder. The weakness is reported in eEye Digital Security Audits Revision 2406 through Audits Revision 2423 when scanning Solaris, HP-UX, and IRIX systems. SOLUTION: Update to Digital Security Audits Revision 2424 (released 10/03/2011). PROVIDED AND/OR DISCOVERED BY: Michael Rutkowski, Duer Advanced Technology and Aerospace, Inc (DATA) ORIGINAL ADVISORY: http://www.eeye.com/Resources/Security-Center/Research/Security-Advisories/AL20111108 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 12:36:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 21:36:23 +0100 Subject: [SEC] [SA46795] Ubuntu update for linux Message-ID: <201111092036.pA9KaNCp024100@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA46795 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46795/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46795 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46795/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46795/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46795 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA44754 SA45193 SA45489 SA45695 SA46251 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1253-1: http://www.ubuntu.com/usn/usn-1253-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 13:35:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 22:35:18 +0100 Subject: [SEC] [SA46804] FreeBSD OpenPAM Privilege Escalation Security Issue Message-ID: <201111092135.pA9LZInZ016358@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: FreeBSD OpenPAM Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA46804 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46804/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46804 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46804/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46804/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46804 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been discovered in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to the use of vulnerable OpenPAM code. For more information: SA46756 The security issue is confirmed in version 8.1. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 14:31:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 23:31:20 +0100 Subject: [SEC] [SA46779] Schneider Electric CitectSCADA Batch Server Login Buffer Overflow Vulnerability Message-ID: <201111092231.pA9MVKOh008460@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Schneider Electric CitectSCADA Batch Server Login Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46779 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46779/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46779 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46779/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46779/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46779 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Schneider Electric CitectSCADA, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the batch module when handling the logon sequence and can be exploited to cause a buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 7.10 and prior. SOLUTION: Update to a fixed version. Please contact the vendor for details. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung, Taiwan?s Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: CitectSCADA: http://www.citect.com/citectscada-batch ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 14:50:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 9 Nov 2011 23:50:57 +0100 Subject: [SEC] [SA46788] Red Hat update for seamonkey Message-ID: <201111092250.pA9Movv7031131@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for seamonkey SECUNIA ADVISORY ID: SA46788 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46788/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46788 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46788/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46788/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46788 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for seamonkey. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks. For more information see vulnerability #2 in: SA46757 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1440-01: https://rhn.redhat.com/errata/RHSA-2011-1440.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 15:14:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 00:14:45 +0100 Subject: [SEC] [SA46750] Red Hat update for thunderbird Message-ID: <201111092314.pA9NEjaN021616@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA46750 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46750/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46750 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46750/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46750/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46750 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes a vulnerability, which can be exploited by malicious people to disclose potentially sensitive information and conduct cross-site scripting attacks. For more information see vulnerability #2 in: SA46757 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1438-01: https://rhn.redhat.com/errata/RHSA-2011-1438.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 15:49:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 00:49:48 +0100 Subject: [SEC] [SA46796] Dell KACE K2000 System Deployment Appliance Security Bypass and Cross-Site Scripting Message-ID: <201111092349.pA9Nnmr9012662@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Dell KACE K2000 System Deployment Appliance Security Bypass and Cross-Site Scripting SECUNIA ADVISORY ID: SA46796 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46796/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46796 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46796/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46796/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46796 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and some vulnerabilities have been reported in Dell KACE K2000 System Deployment Appliance, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 1) The appliance contains a hidden recovery account and can be exploited to gain access to the web administration. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Restrict access to trusted hosts only. Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Tenable Network Security. ORIGINAL ADVISORY: KACE: http://www.kace.com/support/kb/index.php?action=artikel&id=1120 US-CERT (VU#135606, VU#193529): http://www.kb.cert.org/vuls/id/135606 http://www.kb.cert.org/vuls/id/193529 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 16:15:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 01:15:50 +0100 Subject: [SEC] [SA46786] Mitsubishi MX4 SCADA Batch Server Login Buffer Overflow Vulnerability Message-ID: <201111100015.pAA0FoEi003231@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Mitsubishi MX4 SCADA Batch Server Login Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46786 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46786/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46786 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46786/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46786/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46786 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Mitsubishi MX4 SCADA, which can be exploited by malicious people to compromise a vulnerable system. The application bundles a vulnerable version of CitectSCADA. For more information: SA46779 The vulnerability is reported in version 7.10 and prior. SOLUTION: Update to a fixed version. Please contact the vendor for details. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Kuang-Chun Hung of Taiwan?s Information and Communication Security Technology Center (ICST). ORIGINAL ADVISORY: Mitsubishi: https://my.mitsubishi-automation.com/downloads/view/doc_loc/8879/91516012-eb50-11e0-98c9-0022195266d5_PSN2011-0001a.pdf ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-279-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 16:49:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 01:49:50 +0100 Subject: [SEC] [SA46789] Red Hat update for icedtea-web Message-ID: <201111100049.pAA0no6i026646@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for icedtea-web SECUNIA ADVISORY ID: SA46789 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46789/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46789 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46789/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46789/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46789 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for icedtea-web. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error in the web browser plugin and can be exploited to bypass the same-origin policy via a malicious applet. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Deepak Bhole. ORIGINAL ADVISORY: RHSA-2011:1441-01: https://rhn.redhat.com/errata/RHSA-2011-1441.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 17:18:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 02:18:20 +0100 Subject: [SEC] [SA46790] Red Hat update for firefox Message-ID: <201111100118.pAA1IKGs017365@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for firefox SECUNIA ADVISORY ID: SA46790 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46790/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46790 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46790/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46790/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46790 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1437-01: https://rhn.redhat.com/errata/RHSA-2011-1437.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 17:50:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 02:50:43 +0100 Subject: [SEC] [SA46653] Hyperic HQ Enterprise Multiple Vulnerabilities Message-ID: <201111100150.pAA1ohhH008268@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Hyperic HQ Enterprise Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46653 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46653/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46653 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46653/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46653/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46653 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Vulnerability Research Laboratory has reported multiple vulnerabilities in Hyperic HQ Enterprise, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via the "escId" parameter to admin/config/Config.do (when "mode" is set to "escalate") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input sent from the Hyperic Agent is not properly sanitised in the roles listing under administration, the HQ Health view under administration, the monitor view for a specific host, the applications view under resources, and the general properties view for the logged in user before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an administrator's password by tricking a logged in administrator into visiting a malicious web site. The vulnerabilities are reported in version 4.5.1. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: Vulnerability Research Laboratory ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=240 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 18:14:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 03:14:57 +0100 Subject: [SEC] [SA46774] Apple Mac OS X update for Java Message-ID: <201111100214.pAA2Evoo031189@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Apple Mac OS X update for Java SECUNIA ADVISORY ID: SA46774 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46774/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46774 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46774/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46774/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46774 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has issued an update for Java for Mac OS X. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA46512 SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://support.apple.com/kb/HT5045 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 18:49:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 03:49:46 +0100 Subject: [SEC] [SA46703] Ubuntu update for tomcat6 Message-ID: <201111100249.pAA2nkmt022233@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Ubuntu update for tomcat6 SECUNIA ADVISORY ID: SA46703 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46703/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46703 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46703/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46703/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46703 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for tomcat6. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, or cause a DoS (Denial of Service) and by malicious people to disclose potentially sensitive information and bypass certain security restrictions. For more information: SA44981 SA45232 SA45748 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1252-1: http://www.ubuntu.com/usn/usn-1252-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 19:23:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 04:23:25 +0100 Subject: [SEC] [SA46733] Apache Tomcat Manager Application Servlets Security Bypass Security Issue Message-ID: <201111100323.pAA3NPd0013661@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Apache Tomcat Manager Application Servlets Security Bypass Security Issue SECUNIA ADVISORY ID: SA46733 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46733/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46733 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46733/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46733/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46733 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Apache Tomcat, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to the access to the manager application servlets not being restricted from untrusted web applications. This can be exploited to use the functionality of the manager application from a published web application. Successful exploitation requires the "manager-script" privileges. The security issue is reported in versions prior to 7.0.22. SOLUTION: Update to version 7.0.22. PROVIDED AND/OR DISCOVERED BY: The vendor credits Ate Douma. ORIGINAL ADVISORY: http://tomcat.apache.org/security-7.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 19:50:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 04:50:55 +0100 Subject: [SEC] [SA46756] OpenPAM Service Name Privilege Escalation Security Issue Message-ID: <201111100350.pAA3otmn004302@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: OpenPAM Service Name Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA46756 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46756/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46756 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46756/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46756/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46756 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in OpenPAM, which can be exploited by malicious, local users to gain escalated privileges. The security issue is caused due to an input sanitisation error when loading PAM services, which can be exploited to e.g. load malicious libraries with root privileges via directory traversal attacks. Note: Successful exploitation requires that an attacker can e.g. pass a malicious server name to OpenPAM's "pam_start()" function (e.g. the kcheckpass utility on FreeBSD). The security issue is reported in OpenPAM Hydrangea. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Sebastian Krahmer ORIGINAL ADVISORY: http://c-skills.blogspot.com/2011/11/openpam-trickery.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 20:15:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 05:15:10 +0100 Subject: [SEC] [SA46787] Red Hat update for thunderbird Message-ID: <201111100415.pAA4FA3H027231@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA46787 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46787/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46787 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46787/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46787/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46787 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1439-01: https://rhn.redhat.com/errata/RHSA-2011-1439.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 20:49:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 05:49:25 +0100 Subject: [SEC] [SA46720] DTV Player Playlist Processing Buffer Overflow Vulnerability Message-ID: <201111100449.pAA4nPeX018230@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: DTV Player Playlist Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46720 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46720/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46720 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46720/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46720/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46720 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in DTV Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due an error when processing playlist files and can be exploited to cause a buffer overflow via a specially crafted PLF file. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. This may be related to: SA25508 The vulnerability is reported in version 1.0.1.2. Other versions may also be affected. SOLUTION: Do not open playlist files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Tom Gregory, Spentera. ORIGINAL ADVISORY: US-CERT (VU#998403): http://www.kb.cert.org/vuls/id/998403 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 21:15:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 06:15:57 +0100 Subject: [SEC] [SA46773] Mozilla Firefox / Thunderbird Multiple Vulnerabilities Message-ID: <201111100515.pAA5FvQh008825@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46773 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46773/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46773 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46773/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46773/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46773 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a user's system. 1) An error when parsing invalid sequences in the Shift-JIS encoding can be exploited to disclose potentially sensitive information and conduct cross-site scripting attacks. 2) Some unspecified errors can be exploited to corrupt memory. 3) An error due to an unchecked allocation failure can be exploited to corrupt memory. 4) An error when a SVG tag links to a non-SVG element can be exploited to corrupt memory. 5) An error when using Firebug to profile a JavaScript file with many functions can be exploited to corrupt memory. Successful exploitation of vulnerabilities #2 through #5 may allow execution of arbitrary code. 6) An error within Windows D2D hardware acceleration can be exploited to bypass the same-origin policy and read data from a different domain. This is related to vulnerability #7 in: SA45581 7) An error within WebGL can be exploited to disclose random image data from the GPU memory. 8) An error within an internal privilege check due to not respecting the NoWaiverWrappers restrictions can be exploited to grant escalated privileges to certain web content. Successful exploitation of this vulnerability may allow execution of arbitrary code. SOLUTION: Upgrade to version 8.0. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Yosuke Hasegawa 2) Jason Orendorff, Boris Zbarsky, Gregg Tavares, Mats Palmgren, Christian Holler, Jesse Ruderman, Simona Marcu, Bob Clary, and William McCloskey 3) Rho 4) Aki Helin 5) Marc Schoenefeld 6) Bas Schouten 7) Claus Wahlers 8) moz_bug_r_a4 ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-47.html http://www.mozilla.org/security/announce/2011/mfsa2011-48.html http://www.mozilla.org/security/announce/2011/mfsa2011-49.html http://www.mozilla.org/security/announce/2011/mfsa2011-50.html http://www.mozilla.org/security/announce/2011/mfsa2011-51.html http://www.mozilla.org/security/announce/2011/mfsa2011-52.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 21:51:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 06:51:06 +0100 Subject: [SEC] [SA46757] Mozilla Firefox / Thunderbird Multiple Vulnerabilities Message-ID: <201111100551.pAA5p6OI032305@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox / Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46757 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46757/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46757 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46757/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46757/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46757 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox and Thunderbird, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. 1) An error within the JSSubScriptLoader can be exploited to execute arbitrary code by tricking a user into installing a malicious plug-in. For more information see vulnerability #7 in: SA46171 2) An error exists when parsing invalid sequences in the Shift-JIS encoding. For more information see vulnerability #1 in: SA46773 3) An error exists when using Firebug to profile a JavaScript file. For more information see vulnerability #5 in: SA46773 The vulnerabilities are reported in the following products: * Mozilla Firefox versions prior to 3.6.24 * Mozilla Thunderbird versions prior to 3.1.16. SOLUTION: Update to Firefox version 3.6.24 and Thunderbird version 3.1.16. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) moz_bug_r_a4 2) Yosuke Hasegawa 3) Marc Schoenefeld ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-46.html http://www.mozilla.org/security/announce/2011/mfsa2011-47.html http://www.mozilla.org/security/announce/2011/mfsa2011-49.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 9 22:16:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 07:16:15 +0100 Subject: [SEC] [SA46801] Avaya CMS libpng Multiple Vulnerabilities Message-ID: <201111100616.pAA6GFF5022841@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Avaya CMS libpng Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46801 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46801/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46801 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46801/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46801/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46801 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Avaya has acknowledged multiple vulnerabilities in Avaya CMS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA38774 SA40302 The vulnerabilities are reported in versions R15 and R16.x. SOLUTION: Apply patch 137080-06 or later. ORIGINAL ADVISORY: ASA-2011-277: https://support.avaya.com/css/P8/documents/100148396 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 10:34:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 19:34:06 +0100 Subject: [SEC] [SA46725] LabStoRe Multiple "where_clause" SQL Injection Vulnerabilities Message-ID: <201111101834.pAAIY6XE000970@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: LabStoRe Multiple "where_clause" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46725 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46725/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46725 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46725/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46725/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46725 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: muuratsalo has discovered multiple vulnerabilities in LabStoRe, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "where_clause" parameter in stocks/interface_creator/index.php, stocks/interface_creator/index_long.php, and stocks/interface_creator/index_short.php (when "function" is set to "search" and "table_name" is set to an accessible dadabik table name) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.5.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: muuratsalo ORIGINAL ADVISORY: muuratsalo: http://archives.neohapsis.com/archives/fulldisclosure/2011-11/att-0070/labstore.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 11:33:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 20:33:15 +0100 Subject: [SEC] [SA46807] vtiger CRM Multiple Local File Inclusion Vulnerabilities Message-ID: <201111101933.pAAJXFwL025747@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: vtiger CRM Multiple Local File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA46807 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46807/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46807 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46807/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46807/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46807 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system. 1) Input passed to the "file" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files within the vtiger CRM deployment path and execute arbitrary PHP code by e.g. including a previously uploaded file with ".txt" extension containing PHP code via directory traversal sequences and URL-encoded NULL bytes. 2) Input passed to the "module" and "action" parameters in graph.php is not properly verified before being used to include files. This can be exploited to include arbitrary files within the vtiger CRM deployment path and execute arbitrary PHP code by e.g. including a previously uploaded file with ".txt" extension containing PHP code via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 5.2.1. Other versions may also be affected. SOLUTION: Update to version 5.3.0 RC. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB23054: https://www.htbridge.ch/advisory/local_file_inclusion_in_vtigercrm.html vtiger CRM: http://vtiger.com/blogs/?p=894 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 12:34:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 21:34:02 +0100 Subject: [SEC] [SA46824] Ubuntu update for linux-lts-backport-natty Message-ID: <201111102034.pAAKY2Cj018162@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-natty SECUNIA ADVISORY ID: SA46824 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46824/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46824 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46824/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46824/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46824 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-natty. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, conduct session hijacking attacks, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA40205 SA41493 SA43009 SA43496 SA43537 SA43841 SA43846 SA44091 SA44094 SA44164 SA44466 SA44754 SA44986 SA45193 SA45236 SA45420 SA45489 SA45533 SA45695 SA45936 SA46251 SA46539 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1256-1: http://www.ubuntu.com/usn/usn-1256-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 13:34:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 22:34:12 +0100 Subject: [SEC] [SA46769] Debian update for iceweasel Message-ID: <201111102134.pAALYCoJ010529@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for iceweasel SECUNIA ADVISORY ID: SA46769 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46769/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46769 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46769/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46769/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46769 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for iceweasel. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2341-1: http://www.debian.org/security/2011/dsa-2341 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 14:27:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 23:27:01 +0100 Subject: [SEC] [SA46770] GnuTLS "gnutls_session_get_data()" Buffer Overflow Vulnerability Message-ID: <201111102227.pAAMR1uw002453@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: GnuTLS "gnutls_session_get_data()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46770 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46770/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46770 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46770/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46770/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46770 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to an error within the "gnutls_session_get_data()" function (lib/gnutls_session.c) and can be exploited to cause a buffer overflow by tricking a client using the function into connecting to a malicious server. Note: Successful exploitation requires that the client calls the "gnutls_session_get_data()" function with an undersized buffer. SOLUTION: Update to version 2.12.4 or 3.0.7. PROVIDED AND/OR DISCOVERED BY: Alban Crequy ORIGINAL ADVISORY: Alban Crequy: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 14:48:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 10 Nov 2011 23:48:38 +0100 Subject: [SEC] [SA46771] HP Network Node Manager i Cross-Site Scripting Vulnerabilities Message-ID: <201111102248.pAAMmcmF025292@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: HP Network Node Manager i Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46771 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46771/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46771 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46771/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46771/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46771 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in HP Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions 9.0x and 9.1x running on HP-UX, Linux, Solaris, and Windows. SOLUTION: Apply patch or hotfix. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMU02708 SSRT100633: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03035744 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 15:13:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 00:13:12 +0100 Subject: [SEC] [SA46793] Ubuntu update for libmodplug Message-ID: <201111102313.pAANDCAw015853@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Ubuntu update for libmodplug SECUNIA ADVISORY ID: SA46793 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46793/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46793 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46793/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46793/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46793 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for libmodplug. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA45131 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1255-1: http://www.ubuntu.com/usn/usn-1255-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 15:49:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 00:49:46 +0100 Subject: [SEC] [SA45453] Support Incident Tracker Multiple Vulnerabilities Message-ID: <201111102349.pAANnk0f007012@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Support Incident Tracker Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45453 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45453/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45453 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/45453/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45453/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45453 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a weakness and multiple vulnerabilities in Support Incident Tracker, which can be exploited by malicious users to disclose sensitive information, conduct SQL injection attacks, and compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks. 1) An error in ftp_upload_file.php does not properly verify uploaded file names and can be exploited to disclose the attachments directory name. 2) Input passed via the "search_string" parameter to search.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via uploaded file names to incident_attachments.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 4) Input passed via e.g. the "application_name" parameter to config.php (when "action" is set to "save") is not properly sanitised before being used in an "eval()" call. This can be exploited to execute arbitrary PHP code. Successful exploitation of this vulnerability requires the "Administrate" permission. 5) An error in the ftp_upload_file.php script does not properly validate uploaded files and can be exploited to execute arbitrary PHP code by uploading a PHP file. NOTE: This vulnerability can be exploited in combination with vulnerability #1. The weakness and the vulnerabilities are confirmed in version 3.65. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-75/ http://secunia.com/secunia_research/2011-76/ http://secunia.com/secunia_research/2011-77/ http://secunia.com/secunia_research/2011-78/ http://secunia.com/secunia_research/2011-79/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 16:13:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 01:13:29 +0100 Subject: [SEC] [SA46799] AShop URL Cross-Site Scripting Vulnerability Message-ID: <201111110013.pAB0DTt3029930@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: AShop URL Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46799 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46799/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46799 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46799/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46799/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46799 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in AShop, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to index.php is not properly sanitised in catalogue.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 5.1.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: http://seclists.org/fulldisclosure/2011/Nov/122 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 16:49:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 01:49:12 +0100 Subject: [SEC] [SA46723] OrderSys "where_clause" Multiple SQL Injection Vulnerabilities Message-ID: <201111110049.pAB0nCGE021042@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: OrderSys "where_clause" Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46723 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46723/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46723 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46723/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46723/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46723 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: muuratsalo has discovered multiple vulnerabilities in OrderSys, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "where_clause" parameter to interface_creator/index.php, interface_creator/index_short.php, and interface_creator/index_long.php (when "table_name" is set to "vendor" and "function" is set to "search") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.6.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: muuratsalo ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-11/att-0071/ordersys.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 17:16:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 02:16:47 +0100 Subject: [SEC] [SA46813] Drupal Webform CiviCRM Integration Module Multiple SQL Injection Vulnerabilities Message-ID: <201111110116.pAB1GlmB011758@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Drupal Webform CiviCRM Integration Module Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46813 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46813/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46813 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46813/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46813/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46813 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Webform CiviCRM Integration module for Drupal, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in versions 6.x-2.1 and 7.x-2.1. SOLUTION: Update to version 6.x-2.2 or 7.x-2.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Michal Mach. ORIGINAL ADVISORY: SA-CONTRIB-2011-055: http://drupal.org/node/1337024 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 17:47:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 02:47:40 +0100 Subject: [SEC] [SA46810] SUSE update for apache2 Message-ID: <201111110147.pAB1leT8002557@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: SUSE update for apache2 SECUNIA ADVISORY ID: SA46810 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46810/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46810 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46810/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46810/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46810 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for apache2. This fixes a weakness and some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA38852 SA44574 SA44661 SA46013 SA46288 Note: Additionally this update refines a previous fix for CVE-2011-3192. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1229-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 18:13:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 03:13:06 +0100 Subject: [SEC] [SA46811] ProFTPD Response Pool Use-After-Free Vulnerability Message-ID: <201111110213.pAB2D6rc025600@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: ProFTPD Response Pool Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA46811 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46811/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46811 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46811/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46811/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46811 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ProFTPD, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a use-after-free error when handling response pool allocation lists and can be exploited to corrupt memory. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 1.3.3g. SOLUTION: Update to version 1.3.3g or 1.3.4. PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via ZDI. ORIGINAL ADVISORY: ProFTPD: http://bugs.proftpd.org/show_bug.cgi?id=3711 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 18:47:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 03:47:51 +0100 Subject: [SEC] [SA46669] Debian update for iceape Message-ID: <201111110247.pAB2lpYN016688@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Debian update for iceape SECUNIA ADVISORY ID: SA46669 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46669/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46669 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46669/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46669/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46669 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for iceape. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2342-1: http://www.debian.org/security/2011/dsa-2342 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 19:20:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 04:20:11 +0100 Subject: [SEC] [SA46772] Drupal CKEditor Module File Download Security Bypass Vulnerability Message-ID: <201111110320.pAB3KBTZ013446@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Drupal CKEditor Module File Download Security Bypass Vulnerability SECUNIA ADVISORY ID: SA46772 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46772/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46772 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46772/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46772/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46772 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the CKEditor module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not restricting access to private files and can be exploited to download other users private files by guessing the URL. The vulnerability is reported in version 7.x-1.4. SOLUTION: Update to version 7.x-1.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits Joel Walters. ORIGINAL ADVISORY: SA-CONTRIB-2011-054: http://drupal.org/node/1337006 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 19:46:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 04:46:37 +0100 Subject: [SEC] [SA46744] Drupal Quiz Module Multiple Script Insertion Vulnerabilities Message-ID: <201111110346.pAB3kbYk004093@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Drupal Quiz Module Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46744 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46744/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46744 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46744/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46744/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46744 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the Quiz module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input when creating quizzes is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires permission to create or edit quizzes. The vulnerabilities are reported in versions prior to 6.x-4.3. SOLUTION: Update to version 6.x-4.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits phdruplover. ORIGINAL ADVISORY: SA-CONTRIB-2011-053: http://drupal.org/node/1336922 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 20:11:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 05:11:46 +0100 Subject: [SEC] [SA46739] AShop URL Redirection and Cross-Site Scripting Vulnerabilities Message-ID: <201111110411.pAB4Bk6m027065@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: AShop URL Redirection and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46739 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46739/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46739 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46739/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46739/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46739 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered two weaknesses and multiple vulnerabilities in AShop, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) Input passed via the "redirect" parameter to language.php (when "language" is set) and the "redirect" parameter to currency.php is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. 2) Input passed via the "picture" parameter to picture.php, the "resultpage" parameter to catalogue.php, and the "sid" parameter to basket.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The weaknesses and vulnerabilities are confirmed in version 5.1.3. Prior versions may also be affected. SOLUTION: Update to version 5.1.4 PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: http://seclists.org/fulldisclosure/2011/Nov/122 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 20:47:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 05:47:00 +0100 Subject: [SEC] [SA46778] Cisco TelePresence System Products Default Root Account Security Issue Message-ID: <201111110447.pAB4l0gO018154@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Cisco TelePresence System Products Default Root Account Security Issue SECUNIA ADVISORY ID: SA46778 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46778/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46778 RELEASE DATE: 2011-11-10 DISCUSS ADVISORY: http://secunia.com/advisories/46778/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46778/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46778 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in some Cisco TelePresence System products, which can be exploited by malicious people to compromise a vulnerable system. The security issue is caused due to the devices containing an enabled root user account with a default password, which is shown as disabled ("off") in the settings. This can be exploited to gain administrative access to the device. The security issue is reported in versions TC 4.0, TC 4.1, and TC 4.2 in the following products: * Cisco TelePresence System Integrator C Series * Cisco TelePresence EX Series * Cisco TelePresence Quick Set SOLUTION: Disable the root account (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Cisco (cisco-sa-20111109-telepresence-c-ex-series): http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111109-telepresence-c-ex-series OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 21:11:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 06:11:49 +0100 Subject: [SEC] [SA46667] Adobe Shockwave Player Multiple Vulnerabilities Message-ID: <201111110511.pAB5BnnJ008732@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: Adobe Shockwave Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46667 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46667/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46667 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46667/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46667/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46667 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Shockwave Player, which can be exploited by malicious people to compromise a user's system. 1) An error in DIRAPI.dll when parsing Director file headers can be exploited to corrupt memory. 2) An error in TextXtra.x32 when parsing Director files can be exploited to corrupt memory. 3) An error in DIRAPI.dll when parsing rcsl chunks within Director files can be exploited to corrupt memory. 4) Multiple errors in TextXtra.x32 can be exploited to cause heap-based buffer overflows. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions 11.6.1.629 and prior. SOLUTION: Update to version 11.6.3.633. PROVIDED AND/OR DISCOVERED BY: 1, 3) instruder, Code Audit Labs. 2) Pablo Santamaria, Core Security Technologies. 4) Carsten Eiram, Secunia Research. ORIGINAL ADVISORY: Adobe (APSB11-27): http://www.adobe.com/support/security/bulletins/apsb11-27.html Code Audit Labs (CAL-2011-0052, CAL-2011-0054): http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0109.html http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0110.html Core Security Technologies (CORE-2011-0825): http://www.coresecurity.com/content/adobe-shockwave-textxtra-vulnerability OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 21:46:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 06:46:11 +0100 Subject: [SEC] [SA46741] osCSS2 "_ID" Local File Inclusion Vulnerability Message-ID: <201111110546.pAB5kBYC032145@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: osCSS2 "_ID" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46741 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46741/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46741 RELEASE DATE: 2011-11-09 DISCUSS ADVISORY: http://secunia.com/advisories/46741/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46741/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46741 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in osCSS2, which can be exploited by malicious people to disclose sensitive information. Input passed to the "_ID" parameter in content.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks. The vulnerabilities are confirmed in version 2.1.0 RC prod. Other versions may also be affected. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: SSCHADV2011-034: http://www.rul3z.de/advisories/SSCHADV2011-034.txt osCSS2: http://forums.oscss.org/2-security/oscss2-id-parameter-local-file-inclusion-t1999.html#p11194 http://oscss.svn.sourceforge.net/viewvc/oscss?view=revision&revision=3872 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 10 22:13:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 07:13:58 +0100 Subject: [SEC] [SA46090] WordPress DP Thumbnail Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201111110613.pAB6DwDk022879@CRON-IX-2.intnet> ---------------------------------------------------------------------- Ovum says ad hoc tools are out-dated. The best practice approach? Fast vulnerability intelligence, threat handling, and setup in one tool. Read the new report on the Secunia VIM: http://secunia.com/products/corporate/vim/ovum_2011_request/ ---------------------------------------------------------------------- TITLE: WordPress DP Thumbnail Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46090 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46090/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46090 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46090/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46090/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46090 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the DP Thumbnail plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/dp-thumbnail/timthumb/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 10:31:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 19:31:58 +0100 Subject: [SEC] [SA46832] HP Directories Support for ProLiant Management Processors Security Bypass Vulnerability Message-ID: <201111111831.pABIVwGh002972@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: HP Directories Support for ProLiant Management Processors Security Bypass Vulnerability SECUNIA ADVISORY ID: SA46832 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46832/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46832 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46832/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46832/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46832 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Directories Support for ProLiant Management Processors, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error and can be exploited to gain access to the Integrated Lights-Out (iLO2 or iLO3) component. The vulnerability is reported in versions 3.10 and 3.20. SOLUTION: Update to version 3.30. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBHF02721 SSRT100605: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03082006 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 11:31:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 20:31:22 +0100 Subject: [SEC] [SA46792] Red Hat update for flash-plugin Message-ID: <201111111931.pABJVMl6027747@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA46792 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46792/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46792 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46792/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46792/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46792 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA46818 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1445-01: https://rhn.redhat.com/errata/RHSA-2011-1445.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 12:31:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 21:31:32 +0100 Subject: [SEC] [SA46668] Joomla! ALFContact Component Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201111112031.pABKVWHq020122@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Joomla! ALFContact Component Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46668 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46668/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46668 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46668/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46668/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46668 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Jose Carlos de Arriba has discovered multiple vulnerabilities in the ALFContact component for Joomla!, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "emailto_id" and "extravalue" parameters in index.php (when "option" is set to "com_alfcontact") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation of this vulnerability requires the victim user is running a browser which executes certain JavaScript statements from style tags (e.g. Internet Explorer 6). 2)Input passed to the "name", "email", and "subject" parameters in index.php (when "option" is set to "com_alfcontact") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.9.3. Prior versions may also be affected. SOLUTION: Update to version 1.9.4. PROVIDED AND/OR DISCOVERED BY: Jose Carlos de Arriba, Foreground Security ORIGINAL ADVISORY: ALFContact: http://alfsoft.com/alfcontact Jose Carlos de Arriba: http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0140.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 13:30:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 22:30:28 +0100 Subject: [SEC] [SA46833] HP StorageWorks P4000 Virtual SAN Appliance Software Buffer Overflow Message-ID: <201111112130.pABLUSV4012441@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: HP StorageWorks P4000 Virtual SAN Appliance Software Buffer Overflow SECUNIA ADVISORY ID: SA46833 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46833/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46833 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46833/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46833/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46833 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP StorageWorks P4000 Virtual SAN Appliance Software, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA43876 The vulnerability is reported in versions prior to 9.5. SOLUTION: Update to version 9.5. PROVIDED AND/OR DISCOVERED BY: Nicolas Gregoire, Agarri via ZDI. ORIGINAL ADVISORY: HPSBST02722 SSRT100279: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03082086 ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-111/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 14:26:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 23:26:41 +0100 Subject: [SEC] [SA46800] Hancom Office Document Processing Code Execution Vulnerability Message-ID: <201111112226.pABMQfKI004601@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Hancom Office Document Processing Code Execution Vulnerability SECUNIA ADVISORY ID: SA46800 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46800/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46800 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46800/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46800/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46800 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hancom Office, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error when processing certain document files (".hwp"). Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply patch (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reportedly exploited in the wild. ORIGINAL ADVISORY: Hancom: http://www.hancom.co.kr/notice.noticeView.do?targetRow=1¬ice_seqno=100 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 14:46:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 11 Nov 2011 23:46:16 +0100 Subject: [SEC] [SA46797] Juniper Junos MX Series "Ktree::createFourWayNode" Route Prefix Denial of Service Message-ID: <201111112246.pABMkG95027297@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Juniper Junos MX Series "Ktree::createFourWayNode" Route Prefix Denial of Service SECUNIA ADVISORY ID: SA46797 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46797/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46797 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46797/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46797/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46797 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within "Ktree::createFourWayNode" when handling certain protocol-based route prefix actions. This can be exploited to corrupt the data structures within the MPC (Modular Port Concentrators) and cause a crash via e.g. a specially crafted BGP "UPDATE". NOTE: This only affects port concentrators based on the Trio chipset e.g. MPC or embedded into the MX80. The vulnerability is reported in versions 10.0, 10.1, 10.2, 10.3, 10.4 prior to 10.4R6, and 11.1 prior to 11.1R4. SOLUTION: Reportedly fixed in versions 10.0S18, 10.4R6, 11.1R4, and 11.2R1 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 15:10:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 00:10:58 +0100 Subject: [SEC] [SA46815] Google Chrome Multiple Vulnerabilities Message-ID: <201111112310.pABNAw50017859@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46815 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46815/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46815 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46815/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46815/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46815 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) The application bundles a vulnerable version of the Adobe Flash player. For more information: SA46818 2) A double free error exists in the Theora decoder. 3) Some errors in the MKV and Vorbis media handlers can be exploited to perform an out of bounds read. 4) An error due to a regression within the VP8 decoding functionality can be exploited to corrupt memory. 5) An error in the Vorbis decoder can be exploited to cause a heap-based buffer overflow. 6) An error in the shader variable mapping can be exploited to cause a buffer overflow. 7) A use-after-free error exists within certain editing functionality. 8) The application fails to ask for permission when running some JRE7 applets. SOLUTION: Update to version 15.0.874.120. PROVIDED AND/OR DISCOVERED BY: 8) Chris Evans, Google Chrome Security Team. The vendor also credits: 2, 3, 5) Aki Helin, OUSPG. 4) Andrew Scherkus, Chromium development community. 6) Ken ?strcpy? Russell, Chromium development community. 7) pa_kt via ZDI. ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.com/2011/11/stable-channel-update.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 15:46:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 00:46:56 +0100 Subject: [SEC] [SA46823] Apache HTTP Server "ap_pregsub()" Denial of Service Vulnerability Message-ID: <201111112346.pABNkuU4009007@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server "ap_pregsub()" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46823 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46823/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46823 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46823/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46823/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46823 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: halfdog has reported a vulnerability in Apache HTTP Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to the "apr_pregsub()" function (server/utils.c) not properly limiting the maximum size of environment variable values, which can be exploited to e.g. cause a huge memory consumption via a specially crafted ".htaccess" file. This is related to: SA45793 The vulnerability is reported in versions 2.0.64 and 2.2.21. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: halfdog ORIGINAL ADVISORY: http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/ http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 16:11:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 01:11:36 +0100 Subject: [SEC] [SA46836] Apple iOS for iPad Multiple Vulnerabilities Message-ID: <201111120011.pAC0BaKD031948@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Apple iOS for iPad Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46836 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46836/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46836 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46836/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46836/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46836 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people with physical access to bypass certain security restrictions and by malicious people to disclose certain sensitive information, conduct spoofing attacks, and compromise a user's device. For more information: SA46747 1) An error when using a Smart Cover while the device confirms power off in the locked state does not request a passcode and can be exploited to gain access to certain user data. NOTE: This vulnerability only affects iPad 2. SOLUTION: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: 1) Reported by the vendor. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5052 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 16:46:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 01:46:33 +0100 Subject: [SEC] [SA46758] Drupal String Overrides Module Two Script Insertion Vulnerabilities Message-ID: <201111120046.pAC0kXFp023042@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Drupal String Overrides Module Two Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46758 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46758/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46758 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46758/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46758/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46758 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Justin Klein Keane has discovered two vulnerabilities in the String Overrides module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. 1) Input passed via e.g. the "string[0][replacement]" POST parameter to index.php (when "q" is set to "admin/settings/stringoverrides") when defining replacement strings is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) An error due to the index.php (when "q" is set to "admin/settings/stringoverrides/import") improperly verifying the content of uploaded files when importing replacement strings can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the "administer string overrides" permission. The vulnerabilities are confirmed in version 6.x-1.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Justin Klein Keane ORIGINAL ADVISORY: http://www.madirish.net/content/drupal-string-overrides-module-xss OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 17:13:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 02:13:30 +0100 Subject: [SEC] [SA46838] Apple AirPort / Time Capsule "dhclient" Response Processing Input Sanitation Vulnerability Message-ID: <201111120113.pAC1DU5F013734@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Apple AirPort / Time Capsule "dhclient" Response Processing Input Sanitation Vulnerability SECUNIA ADVISORY ID: SA46838 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46838/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46838 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46838/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46838/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46838 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Apple has acknowledged a vulnerability in Apple AirPort and Time Capsule, which can be exploited by malicious people to compromise a vulnerable device. For more information: SA44037 SOLUTION: Update to firmware version 7.6 via AirPort Utility. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5005 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 17:46:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 02:46:12 +0100 Subject: [SEC] [SA46747] Apple iOS Multiple Vulnerabilities Message-ID: <201111120146.pAC1kChh004685@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Apple iOS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46747 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46747/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46747 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46747/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46747/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46747 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Apple iOS, which can be exploited by malicious people to disclose certain sensitive information, conduct spoofing attacks, and compromise a user's device. 1) An error within the CFNetwork component when handling URLs can be exploited to redirect a user to an incorrect server. This is related to vulnerability #4 in: SA46377 2) Multiple errors within the CoreGraphics component when handling FreeType fonts can be exploited to corrupt memory. 3) A logic error within the mmap system call when checking valid flag combinations can be exploited to bypass codesigning checks and execute unsigned code. Successful exploitation of this vulnerability requires that the user is tricked into installing a malicious App. 4) An error within libinfo when handling DNS name lookups can be exploited to spoof lookups. Successful exploitation of vulnerabilities #2 and #3 may allow execution of arbitrary code. SOLUTION: Apply iOS 5.0.1 Software Update (downloadable and installable via iTunes). PROVIDED AND/OR DISCOVERED BY: 2) Reported by the vendor. The vendor credits: 1) Erling Ellingsen, Facebook. 3) Charlie Miller, Accuvant Labs. 4) Erling Ellingsen, Facebook and Per Johansson, Blocket AB. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5052 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 18:11:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 03:11:27 +0100 Subject: [SEC] [SA46825] Ubuntu update for radvd Message-ID: <201111120211.pAC2BRoX027671@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for radvd SECUNIA ADVISORY ID: SA46825 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46825/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46825 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46825/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46825/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46825 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for radvd. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA46200 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1257-1: http://www.ubuntu.com/usn/usn-1257-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 18:47:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 03:47:21 +0100 Subject: [SEC] [SA46826] Ubuntu update for clamav Message-ID: <201111120247.pAC2lLs1018815@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for clamav SECUNIA ADVISORY ID: SA46826 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46826/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46826 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46826/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46826/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46826 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA46455 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1258-1: http://www.ubuntu.com/usn/usn-1258-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 19:21:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 04:21:37 +0100 Subject: [SEC] [SA46820] Ubuntu update for firefox and xulrunner-1.9.2 Message-ID: <201111120321.pAC3Lbha010351@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox and xulrunner-1.9.2 SECUNIA ADVISORY ID: SA46820 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46820 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46820/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46820/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46820 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for firefox and xulrunner-1.9.2. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1251-1: http://www.ubuntu.com/usn/usn-1251-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 19:49:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 04:49:37 +0100 Subject: [SEC] [SA46763] iGuard Biometric Access Control Unspecified Cross-Site Scripting Vulnerability Message-ID: <201111120349.pAC3nbii000998@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: iGuard Biometric Access Control Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46763 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46763/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46763 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46763/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46763/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46763 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Benjamin Kunz Mejri has reported a vulnerability in iGuard Biometric Access Control, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to employee records is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Benjamin Kunz Mejri via Vulnerability Research Laboratory. ORIGINAL ADVISORY: http://www.vulnerability-lab.com/get_content.php?id=104 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 20:16:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 05:16:54 +0100 Subject: [SEC] [SA46791] IBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness Message-ID: <201111120416.pAC4Gs2M024175@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: IBM Lotus Domino SSL/TLS Initialization Vector Selection Weakness SECUNIA ADVISORY ID: SA46791 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46791/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46791 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46791/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46791/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46791 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in IBM Lotus Domino, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session. A design error exists within the implementation of SSL 3.0 and TLS 1.0 protocols. For more information: SA46168 The vulnerability is reported in versions 8.0, 8.5, 8.5.1, 8.5.2, and 8.5.3. SOLUTION: As a workaround enable RC4 encryption (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Thai Duong and Juliano Rizzo ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21568229 IBM ISS X-Force: http://xforce.iss.net/xforce/xfdb/70069 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 20:49:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 05:49:00 +0100 Subject: [SEC] [SA46818] Adobe Flash Player Multiple Vulnerabilities Message-ID: <201111120449.pAC4n0FT015114@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Adobe Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46818 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46818/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46818 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46818/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46818/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46818 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) An unspecified error can be exploited to corrupt memory. 2) An unspecified error can be exploited to cause a heap-based buffer overflow. 3) An unspecified error can be exploited to corrupt memory. 4) An unspecified error can be exploited to corrupt memory. 5) An unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to corrupt memory. 7) An unspecified error can be exploited to corrupt memory. 8) An unspecified error can be exploited to cause a buffer overflow. 9) An unspecified error can be exploited to cause a stack-based buffer overflow. 10) An unspecified error can be exploited to bypass the cross-domain policy. Note: This vulnerability affects users running Internet Explorer only. 11) An unspecified error can be exploited to corrupt memory. 12) An unspecified error can be exploited to corrupt memory. Successful exploitation of vulnerabilities #1 through #9, #11, and #12 may allow execution of arbitrary code. The vulnerabilities are reported in the following products: * Adobe Flash Player versions 11.0.1.152 and prior for Windows, Macintosh, Linux, and Solaris * Adobe Flash Player versions 11.0.1.153 and prior for Android * Adobe AIR versions 3.0 for Windows, Macintosh, and Android SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Ivan Golenkov and Alexander Gostev, Kaspersky Lab 2-6, 9, 12) Tavis Ormandy, Google Security Team 7) Bo Qu, Palo Alto Networks 8) Ben Hawkes, Google Security Team 10) lakehu, Tencent Security Center 11) anonymous via iDefense Labs ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb11-28.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 21:13:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 06:13:03 +0100 Subject: [SEC] [SA46806] Ubuntu update for apache2 Message-ID: <201111120513.pAC5D3CA005647@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for apache2 SECUNIA ADVISORY ID: SA46806 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46806/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46806 RELEASE DATE: 2011-11-11 DISCUSS ADVISORY: http://secunia.com/advisories/46806/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46806/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46806 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for apache2. This fixes a weakness and a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). For more information: SA46013 SA46288 NOTE: This update also fixes a regression caused by a fix for CVE-2011-3192. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1259-1: http://www.ubuntu.com/usn/usn-1259-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 21:47:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 06:47:55 +0100 Subject: [SEC] [SA46038] WordPress Adsense Extreme Plugin "adsensextreme[lang]" File Inclusion Vulnerability Message-ID: <201111120547.pAC5ltZb029104@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress Adsense Extreme Plugin "adsensextreme[lang]" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46038 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46038/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46038 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46038/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46038/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46038 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Adsense Extreme plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "adsensextreme[lang]" POST parameter to wp-content/plugins/adsense-extreme/adsensextremeadminpage.php is not properly sanitised before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability is confirmed in version 1.0.3. Prior versions may also be affected. SOLUTION: Update to version 1.0.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Adsense Extreme plugin: http://wordpress.org/extend/plugins/adsense-extreme/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 11 22:14:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 07:14:16 +0100 Subject: [SEC] [SA46099] ScriptFTP LIST Command Response Processing Buffer Overflow Vulnerability Message-ID: <201111120614.pAC6EGOx019762@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: ScriptFTP LIST Command Response Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46099 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46099/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46099 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46099/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46099/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46099 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Digital Echidna has discovered a vulnerability in ScriptFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing filenames within a directory listing. This can be exploited to cause a stack-based buffer overflow via a specially crafted FTP LIST command response. Successful exploitation allows execution of arbitrary code, but requires tricking a user into connecting to a malicious server. The vulnerability is confirmed in version 3.3. Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: modpr0be, Digital Echidna. ORIGINAL ADVISORY: http://www.digital-echidna.org/2011/09/scriptftp-3-3-remote-buffer-overflow-exploit-0day/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 10:35:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 19:35:07 +0100 Subject: [SEC] [SA46012] Nortel Contact Recording "getSubKeys()" SQL Injection Vulnerability Message-ID: <201111121835.pACIZ7Ik014554@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Nortel Contact Recording "getSubKeys()" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46012 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46012/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46012 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46012/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46012/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46012 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has reported a vulnerability in Nortel Contact Recording, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the SOAP messages to EyrAPI/EyrAPIConfiguration/EyrAPIConfigurationIf is not properly sanitised in the "getSubKeys()" function before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 6.5.1. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: rgod ORIGINAL ADVISORY: http://retrogod.altervista.org/9sg_nortel.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 11:34:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 20:34:14 +0100 Subject: [SEC] [SA46142] Red Hat update for flash-plugin Message-ID: <201111121934.pACJYEFA006859@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for flash-plugin SECUNIA ADVISORY ID: SA46142 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46142/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46142 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46142/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46142/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46142 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for flash-plugin. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. For more information: SA46113 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1333-01: https://rhn.redhat.com/errata/RHSA-2011-1333.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 12:34:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 21:34:52 +0100 Subject: [SEC] [SA46032] Audacious Plugins libmodplug Multiple Vulnerabilities Message-ID: <201111122034.pACKYqon031655@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Audacious Plugins libmodplug Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46032 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46032/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46032 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46032/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46032/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46032 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Audacious has acknowledged some vulnerabilities in Audacious Plugins, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA45131 The vulnerabilities are reported in versions prior to 3.0.3. SOLUTION: Update to version 3.0.3. ORIGINAL ADVISORY: http://jira.atheme.org/browse/AUDPLUG-394 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 13:34:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 22:34:08 +0100 Subject: [SEC] [SA46151] Ubuntu update for gimp Message-ID: <201111122134.pACLY8jv023985@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for gimp SECUNIA ADVISORY ID: SA46151 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46151/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46151 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46151/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46151/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46151 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for gimp. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA45621 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1214-1: http://www.ubuntu.com/usn/usn-1214-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 14:29:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 23:29:13 +0100 Subject: [SEC] [SA46123] TWiki Two Cross-Site Scripting Vulnerabilities Message-ID: <201111122229.pACMTDHK016105@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: TWiki Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46123 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46123/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46123 RELEASE DATE: 2011-09-23 DISCUSS ADVISORY: http://secunia.com/advisories/46123/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46123/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46123 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Mesut Timur has discovered two vulnerabilities in TWiki, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "newtopic" parameter in bin/view/Main/Jump (when "template" is set to "WebCreateNewTopic") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the URL to pages containing a slideshow presentation using the SlideShowPlugin is not properly sanitised in lib/TWiki/Plugins/SlideShowPlugin/SlideShow.pm before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 5.0.2. Prior versions may also be affected. SOLUTION: Update to version 5.1.0. PROVIDED AND/OR DISCOVERED BY: Mesut Timur, Mavituna Security. ORIGINAL ADVISORY: TWiki: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2011-3010 Mavituna Security (NS-11-006): http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0267.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 14:49:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 12 Nov 2011 23:49:38 +0100 Subject: [SEC] [SA46106] WordPress MediaRSS external gallery Plugin TimThumb Arbitrary File Upload Message-ID: <201111122249.pACMnchM006435@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress MediaRSS external gallery Plugin TimThumb Arbitrary File Upload SECUNIA ADVISORY ID: SA46106 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46106/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46106 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46106/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46106/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46106 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the MediaRSS external gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 The vulnerability is reported in version 0.1. Prior versions may also be affected. SOLUTION: Update to version 0.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: MediaRSS external gallery: http://wordpress.org/extend/plugins/mediarss-external-gallery/changelog/ http://plugins.trac.wordpress.org/changeset/439125/mediarss-external-gallery/trunk/timthumb.php?old=376362&old_path=mediarss-external-gallery%2Ftrunk%2Ftimthumb.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 15:14:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 00:14:17 +0100 Subject: [SEC] [SA46072] WordPress WP Marketplace Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201111122314.pACNEHnI029405@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress WP Marketplace Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46072 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46072/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46072 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46072/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46072/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46072 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the WP Marketplace plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/wp-marketplace/libs/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 15:48:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 00:48:55 +0100 Subject: [SEC] [SA46043] Fedora update for audacious-plugins Message-ID: <201111122348.pACNmtw2020470@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for audacious-plugins SECUNIA ADVISORY ID: SA46043 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46043/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46043 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46043/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46043/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46043 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for audacious-plugins. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA46032 SOLUTION: Apply updated packages via the yum utility ("yum update audacious-plugins"). ORIGINAL ADVISORY: FEDORA-2011-12370: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066044.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 16:14:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 01:14:23 +0100 Subject: [SEC] [SA46039] WordPress Zingiri Web Shop Plugin "wpabspath" File Inclusion Vulnerabilities Message-ID: <201111130014.pAD0ENNX011075@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress Zingiri Web Shop Plugin "wpabspath" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA46039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46039 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ben Schmidt has discovered two vulnerabilities in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "wpabspath" parameter to wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php and wp-content/plugins/zingiri-web-shop/fwkfor/ajax/init.inc.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerabilities are confirmed in version 2.2.0. Prior versions may also be affected. SOLUTION: Update to version 2.2.1. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Zingiri Web Shop: http://wiki.zingiri.com/index.php?title=Changelog Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 16:48:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 01:48:50 +0100 Subject: [SEC] [SA46067] WordPress TheCartPress Plugin "tcp_class_path" File Inclusion Vulnerability Message-ID: <201111130048.pAD0moXU002054@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress TheCartPress Plugin "tcp_class_path" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46067 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46067/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46067 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46067/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46067/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46067 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ben Schmidt has discovered a vulnerability in the TheCartPress plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "tcp_class_path" parameter to wp-content/plugins/thecartpress/checkout/CheckoutEditor.php (when "tcp_save_fields" is set) is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability is confirmed in version 1.1.1. Prior versions may also be affected. SOLUTION: Update to version 1.1.2. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: TheCartPress: http://plugins.trac.wordpress.org/changeset/438950/thecartpress/trunk/checkout/CheckoutEditor.php?old=438924&old_path=thecartpress%2Ftrunk%2Fcheckout%2FCheckoutEditor.php Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 17:15:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 02:15:41 +0100 Subject: [SEC] [SA46069] WordPress WP Easy Stats Plugin "homep" File Inclusion Vulnerability Message-ID: <201111130115.pAD1FfLw025204@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress WP Easy Stats Plugin "homep" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46069 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46069/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46069 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46069/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46069/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46069 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ben Schmidt has discovered a vulnerability in the WP Easy Stats plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "homep" parameter to wp-content/plugins/wpeasystats/export.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability is confirmed in version 1.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 17:48:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 02:48:33 +0100 Subject: [SEC] [SA46040] WordPress Mailing List Plugin "wpabspath" File Inclusion Vulnerability Message-ID: <201111130148.pAD1mXHv016177@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress Mailing List Plugin "wpabspath" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46040 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46040/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46040 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46040/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46040/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46040 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ben Schmidt has discovered a vulnerability in the Mailing List plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "wpabspath" parameter to e.g. wp-content/plugins/mailz/lists/lt.php or wp-content/plugins/mailz/lists/index.php is not properly verified in wp-content/plugins/mailz/lists/config/config.php before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability is confirmed in version 1.3.3. Prior versions may also be affected. SOLUTION: Update to version 1.3.4 or later. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: WordPress Mailing List Plugin: http://wordpress.org/extend/plugins/mailz/changelog Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 18:15:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 03:15:27 +0100 Subject: [SEC] [SA44352] Pligg CMS Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201111130215.pAD2FR0B006858@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Pligg CMS Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA44352 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44352/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44352 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/44352/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44352/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44352 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Pligg CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "date" parameter in search.php (when "advancedsearch" is set to any value) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is confirmed in version 1.1.4. Other versions may also be affected. 2) Input passed to the "return" parameter in login.php, "q" and "search" parameters in search.php, and "page" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "keyword" parameter in user.php (when "view" is set to "search") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. These vulnerabilities are confirmed in version 1.1.5. Prior versions may also be affected. SOLUTION: Update to version 1.2.0. PROVIDED AND/OR DISCOVERED BY: 1) Sow Ching Shiong, via Secunia. Additional information about vulnerabilities #2 and #3 provided by Secunia Research. ORIGINAL ADVISORY: http://forums.pligg.com/current-version/24251-pligg-content-management-system-1-2-0-download.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 18:48:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 03:48:20 +0100 Subject: [SEC] [SA46102] Google Chrome Flash Player Multiple Vulnerabilities Message-ID: <201111130248.pAD2mKhI030232@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Google Chrome Flash Player Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46102 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46102/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46102 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46102/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46102/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46102 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and compromise a user's system. The vulnerabilities are caused due to vulnerabilities in the bundled version of Adobe Flash Player. For more information: SA46113 SOLUTION: Update to version 14.0.835.186. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_20.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 19:22:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 04:22:46 +0100 Subject: [SEC] [SA46061] Cisco Identity Services Engine Undocumented Database Account Security Issue Message-ID: <201111130322.pAD3MkQ7024552@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Cisco Identity Services Engine Undocumented Database Account Security Issue SECUNIA ADVISORY ID: SA46061 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46061/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46061 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46061/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46061/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46061 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cisco Identity Services Engine, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the appliance including an undocumented database account with default credentials. This can be exploited to modify the configuration and settings of a device. The security issue is reported in versions prior to 1.0.4.573. SOLUTION: Update to version 1.0.4.573. PROVIDED AND/OR DISCOVERED BY: The vendor credits Andrey Ovrashko and Sergey Bondarenko, BMS Consulting. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110920-ise.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 19:47:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 04:47:11 +0100 Subject: [SEC] [SA46062] Ubuntu update for ffmpeg Message-ID: <201111130347.pAD3lBel010595@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Ubuntu update for ffmpeg SECUNIA ADVISORY ID: SA46062 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46062/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46062 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46062/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46062/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46062 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for ffmpeg. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA43197 SA43683 SA44378 SA45532 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1209-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001419.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 20:11:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 05:11:21 +0100 Subject: [SEC] [SA46064] Red Hat update for cyrus-imapd Message-ID: <201111130411.pAD4BLCY001044@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Red Hat update for cyrus-imapd SECUNIA ADVISORY ID: SA46064 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46064/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46064 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46064/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46064/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46064 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for cyrus-imapd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information see vulnerability #1 in: SA45938 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1317-01: https://rhn.redhat.com/errata/RHSA-2011-1317.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 20:46:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 05:46:13 +0100 Subject: [SEC] [SA46070] WordPress Annonces Plugin "abspath" and "mainPluginFile" File Inclusion Vulnerabilities Message-ID: <201111130446.pAD4kDoa024594@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress Annonces Plugin "abspath" and "mainPluginFile" File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA46070 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46070/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46070 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46070/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46070/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46070 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in the Annonces plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. 1) Input passed via the "abspath" parameter to wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. 2) Input passed via the "mainPluginFile" parameter to wp-content/plugins/annonces/includes/lib/photo/uploadPhoto.php (when "abspath" is set to e.g. "../../../../../../") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerabilities are confirmed in version 1.2.0.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: 1, 2) Ben Schmidt. Additional information provided by Secunia Research. ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 21:12:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 06:12:09 +0100 Subject: [SEC] [SA46048] Red Hat Multiple JBoss Products Web Services Native Denial of Service Vulnerability Message-ID: <201111130512.pAD5C9X6015217@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Red Hat Multiple JBoss Products Web Services Native Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46048 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46048/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46048 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46048/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46048/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46048 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has acknowledged a vulnerability in multiple JBoss products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within JBoss Web Services Native when handling recursive entity resolution with embedded DTDs (Document Type Definitions), which can be exploited to cause CPU resource exhaustion by using a specially crafted POST HTTP request. The vulnerability is reported in the following products (please see vendor's advisories for details): * JBoss Communications Platform 1.2.11 * JBoss Communications Platform 5.1.1 * JBoss Enterprise Application Platform 4.2.0.CP09 * JBoss Enterprise Application Platform 4.3.0 * JBoss Enterprise Application Platform 5.1.1 * JBoss Enterprise BRMS Platform 5.1.0 * JBoss Enterprise Portal Platform 4.3.CP06 * JBoss Enterprise Portal Platform 5.1.1 * JBoss Enterprise SOA Platform 4.2.CP05 and 4.3.CP05 * JBoss Enterprise SOA Platform 5.1.0 * JBoss Enterprise Web Platform 5.1.1 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: Red Hat Bug#692584: https://bugzilla.redhat.com/show_bug.cgi?id=692584 RHSA-2011:1301-01: https://rhn.redhat.com/errata/RHSA-2011-1301.html RHSA-2011:1302-01: https://rhn.redhat.com/errata/RHSA-2011-1302.html RHSA-2011:1303-01: https://rhn.redhat.com/errata/RHSA-2011-1303.html RHSA-2011:1304-01: https://rhn.redhat.com/errata/RHSA-2011-1304.html RHSA-2011:1305-01: https://rhn.redhat.com/errata/RHSA-2011-1305.html RHSA-2011:1306-01: https://rhn.redhat.com/errata/RHSA-2011-1306.html RHSA-2011:1307-01: https://rhn.redhat.com/errata/RHSA-2011-1307.html RHSA-2011:1308-01: https://rhn.redhat.com/errata/RHSA-2011-1308.html RHSA-2011:1309-01: https://rhn.redhat.com/errata/RHSA-2011-1309.html RHSA-2011:1310-01: https://rhn.redhat.com/errata/RHSA-2011-1310.html RHSA-2011:1311-01: https://rhn.redhat.com/errata/RHSA-2011-1311.html RHSA-2011:1312-01: https://rhn.redhat.com/errata/RHSA-2011-1312.html RHSA-2011:1313-01: https://rhn.redhat.com/errata/RHSA-2011-1313.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 21:46:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 06:46:14 +0100 Subject: [SEC] [SA46104] SUSE update for kernel Message-ID: <201111130546.pAD5kE9Q006246@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA46104 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46104/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46104 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46104/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46104/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46104 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks, cause a DoS (Denial of Service), and potentially gain escalated privileges, by malicious people with physical access to potentially compromise a vulnerable system, and by malicious people to cause a DoS. For more information: SA41493 SA43716 SA44094 SA44248 SA45695 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SA:2011:040: http://www.suse.com/support/security/advisories/2011_40_kernel.html SUSE-SU-2011:1058-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00023.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 12 22:11:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 07:11:06 +0100 Subject: [SEC] [SA46017] WordPress iSlidex Plugin TimThumb Arbitrary File Upload Vulnerability Message-ID: <201111130611.pAD6B6Pv029208@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress iSlidex Plugin TimThumb Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46017 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46017/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46017 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46017/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46017/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46017 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the iSlidex plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 The vulnerability is reported in version 2.7.0. Prior versions may also be affected. SOLUTION: Update to version 2.7.1. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ iSlidex Changelog: http://wordpress.org/extend/plugins/islidex/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 10:31:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 19:31:50 +0100 Subject: [SEC] [SA46074] Fedora update for wireshark Message-ID: <201111131831.pADIVoAw023970@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for wireshark SECUNIA ADVISORY ID: SA46074 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46074/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46074 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46074/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46074/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46074 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. For more information: SA45927 SOLUTION: Apply updated packages via the yum utility ("yum update wireshark"). ORIGINAL ADVISORY: FEDORA-2011-12423: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066140.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 11:45:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 20:45:02 +0100 Subject: [SEC] [SA46023] JasperServer Cross-Site Request Forgery Vulnerability Message-ID: <201111131945.pADJj2HK005807@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: JasperServer Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA46023 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46023/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46023 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46023/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46023/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46023 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in JasperServer, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. add new users when a logged-in administrator visits a specially crafted web page. The vulnerability is reported in JasperServer version 3.7.0 CE and 3.7.1 CE. Other versions may also be affected. SOLUTION: Do not browse untrusted websites while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: Jos? Vila Montaner, S2Grupo CSIRT-cv. ORIGINAL ADVISORY: http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 11:45:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 20:45:07 +0100 Subject: [SEC] [SA46094] EViews Program File Processing Buffer Overflow Vulnerability Message-ID: <201111131945.pADJj7Fq005918@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: EViews Program File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46094 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46094/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46094 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46094/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46094/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46094 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in EViews, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when handling "subroutine" declarations within program files. This can be exploited to cause a heap-based buffer overflow via a specially crafted ".prg" file. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. The vulnerability is confirmed in version 7.0.0.1. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/eviews_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 12:31:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 21:31:38 +0100 Subject: [SEC] [SA46078] Fedora update for librsvg2 Message-ID: <201111132031.pADKVcDr030350@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for librsvg2 SECUNIA ADVISORY ID: SA46078 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46078/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46078 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46078/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46078/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46078 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for librsvg2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA45877 SOLUTION: Apply updated packages via the yum utility ("yum update librsvg2"). ORIGINAL ADVISORY: FEDORA-2011-12301: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066127.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 13:31:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 22:31:03 +0100 Subject: [SEC] [SA46059] MetaServer RT Packet Processing Denial of Service Vulnerability Message-ID: <201111132131.pADLV3PG022685@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: MetaServer RT Packet Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46059 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46059/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46059 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46059/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46059/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46059 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in MetaServer RT, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain packets and can be exploited to cause a crash via a specially crafted packet sent to TCP port 2194. The vulnerability is confirmed in version 3.2.1.450. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/metaserver_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 14:25:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 23:25:36 +0100 Subject: [SEC] [SA46081] Gerd Tentler Simple Forum "sfText" Cross-Site Scripting Vulnerability Message-ID: <201111132225.pADMPaGT014767@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Gerd Tentler Simple Forum "sfText" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46081 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46081/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46081 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46081/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46081/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46081 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Rodolfo H-Baz has discovered a vulnerability in Gerd Tentler SimpleForum, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "sfText" POST parameter in forum.php (when "new" is set and the POST request is not considered valid by the application) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.11. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Rodolfo H-Baz aka Pr at fEsOr X ORIGINAL ADVISORY: http://www.ccat.edu.mx/advisors/advisor12/SimpleForum311%20-%20Multiple%20Vulnerabilities.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 14:46:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 13 Nov 2011 23:46:42 +0100 Subject: [SEC] [SA46075] Fedora update for openttd Message-ID: <201111132246.pADMkgmm005132@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for openttd SECUNIA ADVISORY ID: SA46075 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46075/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46075 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46075/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46075/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46075 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openttd. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA45832 SOLUTION: Apply updated packages via the yum utility ("yum update openttd"). ORIGINAL ADVISORY: FEDORA-2011-12975: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066128.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 15:12:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 00:12:00 +0100 Subject: [SEC] [SA45989] EtherApe RPC Packet Processing NULL Pointer Dereference Vulnerability Message-ID: <201111132312.pADNC03P028098@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: EtherApe RPC Packet Processing NULL Pointer Dereference Vulnerability SECUNIA ADVISORY ID: SA45989 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45989/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45989 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/45989/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45989/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45989 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EtherApe, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing certain packets containing RPC calls and can be exploited to cause a NULL pointer dereference via specially crafted packets. The vulnerability is reported in versions prior to 0.9.12. SOLUTION: Update to version 0.9.12. PROVIDED AND/OR DISCOVERED BY: Reported in a bug by David Goldfarb. ORIGINAL ADVISORY: http://etherape.sourceforge.net/NEWS.html http://sourceforge.net/tracker/?func=detail&aid=3309061&group_id=2712&atid=102712 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 15:48:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 00:48:06 +0100 Subject: [SEC] [SA46033] KnProxy URL Disclosure Security Issue Message-ID: <201111132348.pADNm6NV019230@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: KnProxy URL Disclosure Security Issue SECUNIA ADVISORY ID: SA46033 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46033/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46033 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46033/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46033/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46033 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in KnProxy, which can be exploited by malicious people to disclose certain sensitive information. The security issue is caused due to the application not properly encrypting the URLs and could lead to certain URLs being sent in clear text. The vulnerability is reported in version 4.32. SOLUTION: Update to version 4.33. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://freshmeat.net/projects/knproxy/announcements/843-attention-to-users-on-v432 http://kanoha.org/2011/09/18/knproxy-security-update-v4-33/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 16:12:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 01:12:49 +0100 Subject: [SEC] [SA46080] HP Business Service Automation Essentials Unspecified Vulnerability Message-ID: <201111140012.pAE0Cn4n009811@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: HP Business Service Automation Essentials Unspecified Vulnerability SECUNIA ADVISORY ID: SA46080 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46080/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46080 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46080/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46080/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46080 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Business Service Automation Essentials, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. No further information is currently available. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 2.01. SOLUTION: Apply hotfix QCCR1D134337. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMU02705 SSRT100622: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03014398 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 16:47:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 01:47:20 +0100 Subject: [SEC] [SA46047] WordPress Filedownload Plugin "path" File Disclosure Vulnerability Message-ID: <201111140047.pAE0lK5m000787@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress Filedownload Plugin "path" File Disclosure Vulnerability SECUNIA ADVISORY ID: SA46047 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46047/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46047 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46047/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46047/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46047 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Filedownload plugin for WordPress, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "path" parameter in wp-content/plugins/filedownload/download.php is not properly verified before being used to download files. This can be exploited to disclose the contents of arbitrary files via directory traversal attacks. The vulnerability is confirmed in version 0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Septemb0x ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17858/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 17:15:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 02:15:44 +0100 Subject: [SEC] [SA46063] iManager Multiple Vulnerabilities Message-ID: <201111140115.pAE1Fi6f023981@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: iManager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46063 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46063/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46063 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46063/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46063/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46063 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered multiple vulnerabilities in iManager, which can be exploited by malicious people to conduct cross-site scripting attacks, manipulate certain data, and disclose sensitive information. 1) Input passed via the "dir" parameter to scripts/random.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "d" parameter to scripts/phpCrop/crop.php (when "s" is set) is not properly verified before being used to delete files. This can be exploited to delete arbitrary files with the permissions of the web server via directory traversal sequences. 3) Input passed via the "lang" parameter to e.g. imanager.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. The vulnerabilities are confirmed in version 1.2.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised and verified. PROVIDED AND/OR DISCOVERED BY: Gjoko 'LiquidWorm' Krstic ORIGINAL ADVISORY: ZSL-2011-5042: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5042.php ZSL-2011-5043: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5043.php ZSL-2011-5045: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5045.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 17:48:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 02:48:38 +0100 Subject: [SEC] [SA46037] Fedora update for php Message-ID: <201111140148.pAE1mcxf014964@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for php SECUNIA ADVISORY ID: SA46037 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46037/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46037 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46037/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46037/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46037 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for php. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. For more information: SA44874 SOLUTION: Apply updated packages via the yum utility ("yum update php php-eaccelerator maniadrive"). ORIGINAL ADVISORY: FEDORA-2011-11537: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066102.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066103.html http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066104.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 18:13:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 03:13:37 +0100 Subject: [SEC] [SA46051] WordPress Count Per Day Plugin "month" SQL Injection Vulnerability Message-ID: <201111140213.pAE2DbW7005534@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress Count Per Day Plugin "month" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46051 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46051/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46051 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46051/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46051/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46051 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered a vulnerability in the Count Per Day plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "month" parameter to wp-content/plugins/count-per-day/notes.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.17. Prior versions may also be affected. SOLUTION: Upgrade to version 3.0. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: Count Per Day: http://plugins.trac.wordpress.org/changeset/434199/count-per-day/tags/2.17/notes.php?old=359115&old_path=count-per-day%2Ftrunk%2Fnotes.php Miroslav Stampar: http://unconciousmind.blogspot.com/2011/09/wordpress-count-per-day-plugin-217-sql.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 18:48:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 03:48:20 +0100 Subject: [SEC] [SA46082] Gerry GuestBook "gbText" Cross-Site Scripting Vulnerability Message-ID: <201111140248.pAE2mKnC028972@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Gerry GuestBook "gbText" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46082 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46082/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46082 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46082/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46082/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46082 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Gerry GuestBook, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "gbText" parameter to guestbook.php (when "sign" is set to "2") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.21. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Pr at fesOr X OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 19:25:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 04:25:07 +0100 Subject: [SEC] [SA46068] WordPress AllWebMenus Plugin "abspath" File Inclusion Vulnerability Message-ID: <201111140325.pAE3P7bD020630@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress AllWebMenus Plugin "abspath" File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46068 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46068/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46068 RELEASE DATE: 2011-09-20 DISCUSS ADVISORY: http://secunia.com/advisories/46068/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46068/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46068 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ben Schmidt has discovered a vulnerability in the AllWebMenus plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "abspath" parameter to wp-content/plugins/allwebmenus-wordpress-menu-plugin/actions.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability is confirmed in version 1.1.3. Prior versions may also be affected. SOLUTION: Update to version 1.1.4. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: AllWebMenus: http://plugins.trac.wordpress.org/changeset/438959/allwebmenus-wordpress-menu-plugin/trunk/actions.php?old=408304&old_path=allwebmenus-wordpress-menu-plugin%2Ftrunk%2Factions.php Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 19:51:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 04:51:39 +0100 Subject: [SEC] [SA46044] Toko Lite CMS "path" and "currPath" Cross-Site Scripting Vulnerabilities Message-ID: <201111140351.pAE3pdWF011284@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Toko Lite CMS "path" and "currPath" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46044 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46044/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46044 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46044/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46044/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46044 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered two vulnerabilities in Toko Lite CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "path" and "currPath" POST parameters to EditNavBar.php is not properly sanitised in LoadConfig.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.5.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko Krstic, Zero Science ORIGINAL ADVISORY: ZSL-2011-5047: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5047.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 20:16:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 05:16:49 +0100 Subject: [SEC] [SA46060] OpenVZ update for kernel Message-ID: <201111140416.pAE4Gned001780@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA46060 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46060/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46060 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46060/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46060/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46060 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to potentially compromise a vulnerable system. For more information: SA45746 SOLUTION: Update kernel branch RHEL6 to version 042stab037.1. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/rhel6/042stab037.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 20:57:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 05:57:59 +0100 Subject: [SEC] [SA46087] Ayco Resim Galeri "catid" SQL Injection Vulnerability Message-ID: <201111140457.pAE4vxN5025633@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Ayco Resim Galeri "catid" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46087 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46087/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46087 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46087/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46087/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46087 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ayco Resim Galeri, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "catid" parameter to default.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: m3rciL3Ss OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 21:28:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 06:28:27 +0100 Subject: [SEC] [SA46083] IBM WebSphere Commerce Dojo Toolkit Redirection Weaknesses and Cross-Site Scripting Message-ID: <201111140528.pAE5SR9b016480@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Commerce Dojo Toolkit Redirection Weaknesses and Cross-Site Scripting SECUNIA ADVISORY ID: SA46083 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46083/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46083 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46083/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46083/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46083 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some weaknesses and vulnerabilities in IBM WebSphere Commerce, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks. For more information: SA38964 The weaknesses and vulnerabilities are reported in version 6 Feature Pack 5. SOLUTION: Upgrade to version 7 Feature Pack 3 or apply workaround. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg1JR40578 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 21:49:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 06:49:35 +0100 Subject: [SEC] [SA46014] Mercator Sentinel SQL Injection Vulnerability Message-ID: <201111140549.pAE5nZCa006837@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Mercator Sentinel SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46014 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46014/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46014 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46014/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46014/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46014 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Youssef Manar has reported a vulnerability in Mercator Sentinel, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input related to the login form is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 2.0.0.0. SOLUTION: Update to version 2.0.1.0 when available. PROVIDED AND/OR DISCOVERED BY: Youssef Manar, CERT-NETPEAS. ORIGINAL ADVISORY: CERT-NETPEAS (CERT-NPS:2011:005): http://cert.netpeas.org/2011/06/cert-nps2011005-vulnerabilite-potentielle-dans-la-solution-de-gestion-de-la-securite-operationnelle-des-compagnies-aeriennes-suite/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sun Nov 13 22:14:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 07:14:57 +0100 Subject: [SEC] [SA46042] Fedora update for bcfg2 Message-ID: <201111140614.pAE6EvmT029821@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for bcfg2 SECUNIA ADVISORY ID: SA46042 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46042/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46042 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46042/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46042/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46042 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bcfg2. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA45807 SOLUTION: Apply updated packages via the yum utility ("yum update bcfg2"). ORIGINAL ADVISORY: FEDORA-2011-12303: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066070.html FEDORA-2011-13181: http://lists.fedoraproject.org/pipermail/package-announce/2011-October/067412.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 10:35:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 19:35:06 +0100 Subject: [SEC] [SA46802] Linux Kernel "journal_get_superblock()" Denial of Service Vulnerabilities Message-ID: <201111141835.pAEIZ6Ej024520@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Linux Kernel "journal_get_superblock()" Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46802 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46802/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46802 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46802/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46802/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46802 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerabilities are caused due to an error within the "journal_get_superblock()" functions (fs/jbd/journal.c and fs/jbd2/journal.c) and can be exploited to trigger a "BUG_ON()" by e.g. mounting specially crafted ext3 images. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Eryu Guan ORIGINAL ADVISORY: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8762202dd0d6e46854f786bdb6fb3780a1625efe OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 11:36:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 20:36:09 +0100 Subject: [SEC] [SA46834] Joomla! Security Bypass Weakness and Cross-Site Scripting Vulnerability Message-ID: <201111141936.pAEJa9H4016904@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Joomla! Security Bypass Weakness and Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46834 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46834/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46834 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46834/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46834/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46834 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and a vulnerability have been reported in Joomla!, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This vulnerability is reported in versions prior to 1.7.3. 2) An error in the random number generation when resetting passwords can be exploited to change a user's password. This weakness is reported in versions prior to 1.7.3 and 1.5.25. SOLUTION: Update to version 1.7.3 or 1.5.25. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Corn? Hannema 2) David Jardin ORIGINAL ADVISORY: http://developer.joomla.org/security/news/373-20111101-core-xss-vulnerability http://developer.joomla.org/security/news/374-20111102-core-password-change http://developer.joomla.org/security/news/375-20111103-core-password-change OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 12:34:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 21:34:29 +0100 Subject: [SEC] [SA46842] Hotaru CMS Search Plugin "search" Cross-Site Scripting Vulnerability Message-ID: <201111142034.pAEKYT2b009175@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Hotaru CMS Search Plugin "search" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46842 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46842/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46842 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46842/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46842/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46842 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gjoko Krstic has discovered a vulnerability in the Search plugin for Hotaru CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "search" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Gjoko 'LiquidWorm' Krstic, Zero Science Lab. ORIGINAL ADVISORY: ZSL-2011-5057: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5057.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 13:36:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 22:36:59 +0100 Subject: [SEC] [SA46876] Fedora update for cacti Message-ID: <201111142136.pAELax23001572@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for cacti SECUNIA ADVISORY ID: SA46876 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46876/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46876 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46876/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46876/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46876 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for cacti. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. For more information: SA44133 SOLUTION: Apply updated packages via the yum utility ("yum update cacti"). ORIGINAL ADVISORY: FEDORA-2011-15110: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069137.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 14:34:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 14 Nov 2011 23:34:14 +0100 Subject: [SEC] [SA46858] Xlight FTP Server SFTP/SSH2 Connection Denial of Service Vulnerability Message-ID: <201111142234.pAEMYEDE026246@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Xlight FTP Server SFTP/SSH2 Connection Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46858 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46858/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46858 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46858/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46858/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46858 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Xlight FTP Server, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to the SFTP/SSH2 virtual server restricting access of files to the user who opens the files first. This can be exploited to render the files inaccessible to other users. The vulnerability is reported in versions prior to 3.7.2. SOLUTION: Update to version 3.7.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.xlightftpd.com/whatsnew.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 15:02:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 00:02:30 +0100 Subject: [SEC] [SA46835] WordPress Zingiri Web Shop Plugin "selectedDoc[]" Code Injection Vulnerability Message-ID: <201111142302.pAEN2UUO016971@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: WordPress Zingiri Web Shop Plugin "selectedDoc[]" Code Injection Vulnerability SECUNIA ADVISORY ID: SA46835 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46835/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46835 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46835/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46835/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46835 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Zingiri Web Shop plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "selectedDoc[]" parameter to wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax_file_cut.php is not properly verified before being used as session content in wp-content/plugins/zingiri-web-shop/fws/addons/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajax_save_name.php to write to a certain file. This can be exploited to inject arbitrary PHP code into a certain PHP file. The vulnerability is confirmed in version 2.2.3. Prior versions may also be affected SOLUTION: Update to version 2.2.4. PROVIDED AND/OR DISCOVERED BY: Egidio Romano aka EgiX ORIGINAL ADVISORY: EgiX: http://www.exploit-db.com/exploits/18111/ Zingiri: http://wiki.zingiri.com/index.php?title=Changelog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 15:30:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 00:30:03 +0100 Subject: [SEC] [SA46855] DLGuard "searchCart" Cross-Site Scripting Vulnerability Message-ID: <201111142330.pAENU30I007654@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: DLGuard "searchCart" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46855 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46855/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46855 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46855/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46855/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46855 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in DLGuard, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "searchCart" parameter in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: CoBRa_21 ORIGINAL ADVISORY: http://packetstormsecurity.org/files/106859/dlguardshoppingcart-xss.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 15:51:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 00:51:02 +0100 Subject: [SEC] [SA46803] Linux Kernel NFSv4 Denial of Service Vulnerability Message-ID: <201111142351.pAENp2V7030395@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Linux Kernel NFSv4 Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46803 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46803/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46803 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46803/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46803/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46803 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain NFSv4 responses to ACL attribute requests, which can be exploited to e.g. cause a crash by connecting to a malicious NFSv4 server. SOLUTION: Use trusted NFSv4 servers only. PROVIDED AND/OR DISCOVERED BY: Andy Adamson ORIGINAL ADVISORY: http://www.spinics.net/lists/linux-nfs/msg25288.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 16:14:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 01:14:33 +0100 Subject: [SEC] [SA46830] Optima PLC APIFTP Server Two Denial of Service Vulnerabilities Message-ID: <201111150014.pAF0EXn6020895@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Optima PLC APIFTP Server Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46830 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46830/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46830 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46830/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46830/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46830 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in Optima PLC, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error within the handling of certain packets in the APIFTP Server (APIFTPServer.exe) can be exploited to repeatedly trigger a NULL pointer dereference leading to a stack overflow by sending specially packets to port 10260/TCP. 2) An error within the handling of certain packets in the APIFTP Server (APIFTPServer.exe) can be exploited to cause an infinite loop by sending specially crafted packets to port 10260/TCP. The vulnerabilities are confirmed in APIFTP Server version 1.6.1.110 included in Optima PLC version 2.13.3.5. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/optimalog_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 16:49:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 01:49:22 +0100 Subject: [SEC] [SA46816] Gentoo update for PhpDocumentor Message-ID: <201111150049.pAF0nMfj011948@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Gentoo update for PhpDocumentor SECUNIA ADVISORY ID: SA46816 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46816/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46816 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46816/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46816/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46816 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for PhpDocumentor. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA29241 SOLUTION: Update to "dev-php/PEAR-PhpDocumentor-1.4.3-r1" or later. ORIGINAL ADVISORY: GLSA 201111-04: http://www.gentoo.org/security/en/glsa/glsa-201111-04.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 17:16:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 02:16:51 +0100 Subject: [SEC] [SA46819] Debian update for icedove Message-ID: <201111150116.pAF1Gp65002583@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Debian update for icedove SECUNIA ADVISORY ID: SA46819 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46819 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46819/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46819/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46819 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for icedove. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2345-1: http://www.debian.org/security/2011/dsa-2345 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 17:49:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 02:49:43 +0100 Subject: [SEC] [SA46873] Fedora update for ocsinventory Message-ID: <201111150149.pAF1nh4H025991@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for ocsinventory SECUNIA ADVISORY ID: SA46873 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46873/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46873 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46873/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46873/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46873 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ocsinventory. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks. For more information: SA46311 SOLUTION: Apply updated packages via the yum utility ("yum update ocsinventory"). ORIGINAL ADVISORY: FEDORA-2011-14963: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069280.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 18:13:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 03:13:59 +0100 Subject: [SEC] [SA46874] Fedora update for phpMyAdmin Message-ID: <201111150213.pAF2DxPP016517@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Fedora update for phpMyAdmin SECUNIA ADVISORY ID: SA46874 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46874/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46874 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46874/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46874/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46874 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpMyAdmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA46431 SOLUTION: Apply updated packages via the yum utility ("yum update phpMyAdmin"). ORIGINAL ADVISORY: FEDORA-2011-15472: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069234.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 18:49:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 03:49:02 +0100 Subject: [SEC] [SA46817] Gentoo update for openttd Message-ID: <201111150249.pAF2n2fc007587@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Gentoo update for openttd SECUNIA ADVISORY ID: SA46817 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46817/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46817 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46817/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46817/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46817 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for openttd. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA42205 SA45832 SOLUTION: Update to "games-simulation/openttd-1.1.3" or later. ORIGINAL ADVISORY: GLSA 201111-03: http://www.gentoo.org/security/en/glsa/glsa-201111-03.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 19:25:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 04:25:32 +0100 Subject: [SEC] [SA46781] AbsoluteFTP LIST Command Response Processing Buffer Overflow Message-ID: <201111150325.pAF3PWGS031588@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: AbsoluteFTP LIST Command Response Processing Buffer Overflow SECUNIA ADVISORY ID: SA46781 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46781/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46781 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46781/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46781/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46781 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in AbsoluteFTP, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing filenames within a directory listing. This can be exploited to cause a stack-based buffer overflow via a specially crafted FTP LIST command response. Successful exploitation allows execution of arbitrary code, but requires tricking a user into connecting to a malicious server. The vulnerability is confirmed in version 2.2.10. Other versions may also be affected. SOLUTION: The product is no longer supported by the vendor. Use another product. PROVIDED AND/OR DISCOVERED BY: Node ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18102/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 19:49:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 04:49:41 +0100 Subject: [SEC] [SA46821] Debian update for python-django-piston Message-ID: <201111150349.pAF3nfio022103@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Debian update for python-django-piston SECUNIA ADVISORY ID: SA46821 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46821/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46821 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46821/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46821/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46821 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for python-django-piston. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to the application using an insecure method when deserialising YAML data and can be exploited to execute arbitrary code. SOLUTION: Apply updated packages via the apt-get package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: DSA-2344-1: http://www.debian.org/security/2011/dsa-2344 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 20:15:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 05:15:17 +0100 Subject: [SEC] [SA46783] CMS Made Simple News Module Security Bypass Vulnerability Message-ID: <201111150415.pAF4FHYJ012706@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: CMS Made Simple News Module Security Bypass Vulnerability SECUNIA ADVISORY ID: SA46783 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46783/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46783 RELEASE DATE: 2011-11-14 DISCUSS ADVISORY: http://secunia.com/advisories/46783/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46783/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46783 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in CMS Made Simple, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not restricting access when editing articles and can be exploited to modify news articles. The vulnerability is confirmed in version 1.9.4.2. Prior versions may also be affected. SOLUTION: Update to version 1.9.4.3 or later. ORIGINAL ADVISORY: http://www.cmsmadesimple.org/2011/08/Announcing-CMSMS-1-9-4-3---Security-Release OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 20:50:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 05:50:06 +0100 Subject: [SEC] [SA46076] Oracle Solaris Pango "pango_ft2_font_render_box_glyph()" Buffer Overflow Vulnerability Message-ID: <201111150450.pAF4o6JD003752@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Pango "pango_ft2_font_render_box_glyph()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46076 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46076/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46076 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46076/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46076/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46076 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Pango included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA42934 SOLUTION: Apply bug fix 7032373. ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/cve_2011_0020_buffer_overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 21:15:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 06:15:43 +0100 Subject: [SEC] [SA46049] Google Chrome Multiple Vulnerabilities Message-ID: <201111150515.pAF5Fha5026745@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: Google Chrome Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46049 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46049/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46049 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46049/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46049/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46049 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, disclose sensitive information, bypass certain security restrictions, and compromise a user's system. 1) A race condition exists within the certificate cache. 2) An error within the Windows Media Player plugin can lead to unintended access to system Flash. 3) An error exists within the v8 script object wrappers. 4) An unspecified error can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 5) An error in the garbage collection component of the PDF plugin can be exploited to corrupt memory. 6) The security issue is caused due to the Mac installer creating lock files in an insecure manner. NOTE: This only affects the Mac version. 7) An error within media buffers can be exploited to cause an out-of-bounds read. 8) A use-after-free error exists within unload event handling. 9) A use-after-free error exists within the document loader. 10) An unspecified error when handling the forward button can be exploited to display arbitrary content while showing the URL of a trusted web site in the address bar. 11) An error within box handling can be exploited to cause an out-of-bounds read. 12) An error within the handling of Khmer characters can be exploited to cause an out-of-bounds read. 13) An error within video handling can be exploited to cause an out-of-bounds read. 14) An off-by-one error exists within v8. 15) A use-after-free error exists within the plug-in handler. 16) A use-after-free error exists within ruby and table style handing. 17) An error within stylesheet handling can lead to a stale node. 18) An unspecified error within v8 can be exploited to violate the cross-origin policy. 19) A use-after-free error exists within the focus controller. 20) A double free error exists within the handling of libxml XPath. 21) An unspecified error can lead to incorrect permissions being assigned to non-gallery pages. 22) A use-after-free error exists within table style handling. 23) An error within the PDF component can lead to a bad string read. 24) An unspecified error can lead to unintended access of v8 built-in objects. 25) An error when handling Tibetan characters can be exploited to cause an out-of-bounds read. 26) An error when handling triangle arrays can be exploited to cause an out-of-bounds read. 27) A type confusion error exists within v8 object sealing. SOLUTION: Upgrade to version 14.0.835.163. PROVIDED AND/OR DISCOVERED BY: 5) Mario Gomes (C4SS!0 G0M3S). 10) Jordi Chancel. The vendor credits: 1) Ryan Sleevi, Chromium development community. 2) electronixtar. 3, 7) Kostya Serebryany, Chromium development community. 4) kuzzcc. 6) Aaron Sigel, vtty.com. 8, 17) Arthur Gerkis. 9, 11, 12, 19, 22) miaubiz. 13, 25, 26) Inferno, Google Chrome Security Team. 14, 27) Christian Holler. 15) SkyLined, Google Chrome Security Team. 16) Slawomir Blazek, miaubiz, and Inferno, Google Chrome Security Team. 18) Daniel Divricean. 20) Yang Dingning, NCNIPC, Graduate University of Chinese Academy of Sciences. 21) Bernhard 'Bruhns' Brehm, Recurity Labs. 23) Aki Helin, OUSPG. 24) Sergey Glazunov. ORIGINAL ADVISORY: Google: http://googlechromereleases.blogspot.com/2011/09/stable-channel-update_16.html Jordi Chancel: http://www.alternativ-testing.fr/blog/index.php?post/2011/Google-Chrome-Webkit-URL-Bar-Spoofing-SSL/TLS-Spoofing Mario Gomes: http://net-fuzzer.blogspot.com/2011/10/google-chrome-140835163-pdf-file.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 21:50:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 06:50:12 +0100 Subject: [SEC] [SA46004] PunBB URL Cross-Site Scripting Vulnerability Message-ID: <201111150550.pAF5oCfl017827@CRON-IX-2.intnet> ---------------------------------------------------------------------- SC World Congress, New York, USA, 16 November 2011 Visit the Secunia booth (#203) and discover how you can improve your handling of third party programs: http://secunia.com/resources/events/sc_2011/ ---------------------------------------------------------------------- TITLE: PunBB URL Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46004 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46004/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46004 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46004/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46004/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46004 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Piotr Duszynski has discovered a vulnerability in PunBB, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to e.g. login.php, misc.php, delete.php, edit.php, and profile.php (when "csrf_token" is invalid) is not properly sanitised in include/functions.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that the victim uses a browser that does not URL-encode the request (e.g. Internet Explorer 6). The vulnerability is confirmed in version 1.3.5. Other versions may also be affected. SOLUTION: Update to version 1.3.6. PROVIDED AND/OR DISCOVERED BY: Piotr Duszynski ORIGINAL ADVISORY: Piotr Duszynski: http://seclists.org/fulldisclosure/2011/Sep/158 PunBB: http://punbb.informer.com/forums/topic/24427/multiple-xss-vulnerabilities/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 14 22:14:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 07:14:21 +0100 Subject: [SEC] [SA46031] SemanticScuttle "address" Script Insertion Vulnerability Message-ID: <201111150614.pAF6ELK0008359@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SemanticScuttle "address" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46031 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46031/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46031 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46031/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46031/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46031 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in SemanticScuttle, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the "address" parameter to bookmarks.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is confirmed in version 0.97.2. Prior versions may also be affected. SOLUTION: Update to version 0.98.0 or later. PROVIDED AND/OR DISCOVERED BY: JVN credits Yoshinori Ohta, Business Architects Inc. ORIGINAL ADVISORY: JVN#28973089, Japanese: http://jvn.jp/jp/JVN28973089/index.html JVN#28973089, English: http://jvn.jp/en/jp/JVN28973089/index.html JVNDB-2011-000074: http://jvndb.jvn.jp/jvndb/JVNDB-2011-000074 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 10:35:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 19:35:34 +0100 Subject: [SEC] [SA46740] Tiki Wiki CMS/Groupware URL Cross-Site Scripting Vulnerabilities Message-ID: <201111151835.pAFIZYqs003079@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Tiki Wiki CMS/Groupware URL Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46740 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46740/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46740 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46740/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46740/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46740 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered two vulnerabilities in Tiki Wiki CMS/Groupware, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input appended to the URL to e.g. tiki-pagehistory.php is not properly sanitised in lib/smarty_tiki/function.query.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input appended to the URL to tiki-admin_system.php is not properly sanitised in templates/tiki-admin_system.tpl before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in versions 6.4 and 7.2. Other versions may also be affected. SOLUTION: Upgrade to version 8.1. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: Tiki Wiki: http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 11:35:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 20:35:17 +0100 Subject: [SEC] [SA46844] Joomla! obSuggest Component "controller" Local File Inclusion Vulnerability Message-ID: <201111151935.pAFJZHxa027834@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla! obSuggest Component "controller" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46844 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46844/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46844 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46844/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46844/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46844 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the obSuggest component for Joomla!, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the "controller" parameter in index.php (when "option" is set to "com_obsuggest") is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerability is reported in versions prior to 1.8. SOLUTION: Update to version 1.8. PROVIDED AND/OR DISCOVERED BY: v3n0m ORIGINAL ADVISORY: http://foobla.com/news/latest/obsuggest-1.8-security-release.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 12:37:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 21:37:10 +0100 Subject: [SEC] [SA46828] Samsung Omnia 7 RapiConfig.exe Provisioning Vulnerability Message-ID: <201111152037.pAFKbAUS020267@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Samsung Omnia 7 RapiConfig.exe Provisioning Vulnerability SECUNIA ADVISORY ID: SA46828 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46828/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46828 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46828/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46828/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46828 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alex Plaskett has reported a vulnerability in Samsung Omnia 7, which can be exploited by malicious people to compromise a user's device. The vulnerability is caused due the RapiConfig.exe configuration tool being bundled with the device, which can be exploited to execute an arbitrary provisioning XML file via directory traversal sequences. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into installing a malicious application. The vulnerability is reported in firmware version I8700ORARAJJ6. Other versions may also be affected. SOLUTION: Do not install untrusted applications. PROVIDED AND/OR DISCOVERED BY: Alex Plaskett, MWR InfoSecurity. ORIGINAL ADVISORY: MWR InfoSecurity: http://labs.mwrinfosecurity.com/files/Advisories/mwri_samsung-provxml_2011-11-10.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 13:35:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 22:35:03 +0100 Subject: [SEC] [SA46857] TYPO3 eu_ldap Extension LDAP Injection Vulnerability Message-ID: <201111152135.pAFLZ3pF012519@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: TYPO3 eu_ldap Extension LDAP Injection Vulnerability SECUNIA ADVISORY ID: SA46857 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46857/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46857 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46857/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46857/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46857 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the LDAP extension for TYPO3, which can be exploited by malicious people to manipulate certain data. Input passed via the username and password in the login form is not properly sanitised before being used in LDAP queries. This can be exploited to manipulate LDAP queries by injecting arbitrary LDAP query code. The vulnerability is reported in versions 2.8.10 and prior. SOLUTION: Update to version 2.8.11. PROVIDED AND/OR DISCOVERED BY: The vendor credits Matthias Hunstock. ORIGINAL ADVISORY: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-017/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 14:27:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 23:27:59 +0100 Subject: [SEC] [SA46870] TYPO3 phpMyAdmin Extension XML Entity References Information Disclosure Vulnerability Message-ID: <201111152227.pAFMRxhn004484@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: TYPO3 phpMyAdmin Extension XML Entity References Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA46870 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46870/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46870 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46870/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46870/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46870 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to disclose potentially sensitive information. For more information: SA46447 The vulnerability is reported in versions 4.11.8 and prior. SOLUTION: Update to version 4.11.9. PROVIDED AND/OR DISCOVERED BY: Reported in the standalone version of phpMyAdmin by 80sec. ORIGINAL ADVISORY: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-018/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 14:50:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 15 Nov 2011 23:50:35 +0100 Subject: [SEC] [SA46839] FreeType CID-keyed Font Parsing Vulnerabilities Message-ID: <201111152250.pAFMoZaE027328@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: FreeType CID-keyed Font Parsing Vulnerabilities SECUNIA ADVISORY ID: SA46839 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46839/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46839 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46839/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46839/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46839 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FreeType, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to errors in src/cid/cidload.c when parsing CID-keyed Type 1 fonts. This can be exploited to corrupt memory via a specially crafted font file. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 2.4.8. SOLUTION: Update to version 2.4.8. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://sourceforge.net/projects/freetype/files/freetype2/2.4.8/README/view OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 15:13:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 00:13:24 +0100 Subject: [SEC] [SA46812] IBM AIX Workload Partition System Calls Denial of Service Vulnerability Message-ID: <201111152313.pAFNDO1P017775@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM AIX Workload Partition System Calls Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46812 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46812/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46812 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46812/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46812/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46812 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM AIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the "wpar_limits_config" and "wpar_limits_modify" system calls and can be exploited to cause a crash. The vulnerability is reported in the following versions: * IBM AIX versions 6.1.5.0 through 5.1.5.8 * IBM AIX versions 6.1.6.0 through 6.1.6.16 * IBM AIX versions 6.1.7.0 and 6.1.7.1 * IBM AIX versions 7.1.0.0 through 7.1.0.15 * IBM AIX version 7.1.1.0 SOLUTION: Apply fix. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM: http://aix.software.ibm.com/aix/efixes/security/wpar_advisory.asc http://www.ibm.com/support/docview.wss?uid=isg1IV08320 http://www.ibm.com/support/docview.wss?uid=isg1IV08468 http://www.ibm.com/support/docview.wss?uid=isg1IV10227 http://www.ibm.com/support/docview.wss?uid=isg1IV10229 http://www.ibm.com/support/docview.wss?uid=isg1IV10226 ISS X-Force: http://xforce.iss.net/xforce/xfdb/71211 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 15:52:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 00:52:07 +0100 Subject: [SEC] [SA46850] Oracle Global Desktop Apache HTTP Server Two Denial of Service Vulnerabilities Message-ID: <201111152352.pAFNq7SC009027@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Global Desktop Apache HTTP Server Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46850 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46850/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46850 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46850/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46850/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46850 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged two vulnerabilities in Oracle Secure Global Desktop, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44574 SA45606 The vulnerabilities are reported in versions prior to 4.62. SOLUTION: Update to version 4.62. ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/cve_2011_3192_and_cve OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 16:14:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 01:14:49 +0100 Subject: [SEC] [SA46753] ResourceSpace External Access Keys Security Bypass Vulnerability Message-ID: <201111160014.pAG0EnPi031876@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ResourceSpace External Access Keys Security Bypass Vulnerability SECUNIA ADVISORY ID: SA46753 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46753/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46753 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46753/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46753/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46753 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ResourceSpace, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the application not properly checking external access keys and can exploited to gain access to certain resources. The vulnerability is reported in versions prior to 4.2.2833. SOLUTION: Update to version 4.3.2912. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.resourcespace.org/download.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 16:49:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 01:49:05 +0100 Subject: [SEC] [SA46848] Apple iTunes Software Update Spoofing Weakness Message-ID: <201111160049.pAG0n5cF022897@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apple iTunes Software Update Spoofing Weakness SECUNIA ADVISORY ID: SA46848 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46848/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46848 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46848/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46848/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46848 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Apple iTunes, which can be exploited by malicious people to conduct spoofing attacks. The weakness is caused due the software update mechanism using an HTTP request to check for new updates. This can be exploited to e.g. spoof an update via Man-in-the-Middle (MitM) attacks. Successful exploitation requires that Apple Software Update is not installed. The weakness is reported in versions prior to 10.5.1. SOLUTION: Update to version 10.5.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Francisco Amato, Infobyte Security Research. ORIGINAL ADVISORY: Apple: http://support.apple.com/kb/HT5030 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 17:15:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 02:15:36 +0100 Subject: [SEC] [SA46846] SUSE update for flash-player Message-ID: <201111160115.pAG1FaMd013550@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for flash-player SECUNIA ADVISORY ID: SA46846 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46846/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46846 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46846/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46846/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46846 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA46818 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1240-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00014.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 17:48:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 02:48:30 +0100 Subject: [SEC] [SA46845] Ubuntu update for quagga Message-ID: <201111160148.pAG1mUpL004506@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for quagga SECUNIA ADVISORY ID: SA46845 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46845/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46845 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46845/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46845/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46845 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for quagga. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46139 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1261-1: http://www.ubuntu.com/usn/usn-1261-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 18:15:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 03:15:54 +0100 Subject: [SEC] [SA46852] SAP NetWeaver Multiple Vulnerabilities Message-ID: <201111160215.pAG2FsFo027576@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46852 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46852/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46852 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46852/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46852/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46852 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Digital Security Research Group has reported multiple vulnerabilities in SAP NetWeaver, which can be exploited by malicious users to conduct script insertion attacks, manipulate certain data, bypass certain security restrictions, and compromise a vulnerable system and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed via certain transactions to the BAPI Explorer is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed to the "instname" parameter in the VsiTestScan servlet and "name" parameter in the VsiTestServlet servlet within the Virus Scan Interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "page" parameter in /SAP/BW/DOC/METADATA/ is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) An error in the RSTXSCRP report when using transaction "sa38" can be exploited to insert an arbitrary UNC path via the "File Name" field. 5) An error in the TH_GREP report when handling certain SOAP requests can be exploited to inject arbitrary shell commands via a "" parameter. Successful exploitation of this vulnerability may allow execution of arbitrary code. 6) The SPML service allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user if a logged-in administrative user visits a malicious web site. 7) An error in the CTC service when performing certain authentication checks can be exploited to gain access to user management and OS command execution functionality. Successful exploitation of this vulnerability may allow execution of arbitrary code. SOLUTION: Apply fixes (please see the vendor's advisories for details). PROVIDED AND/OR DISCOVERED BY: 1, 3, 4) Dmitriy Chastuchin, Digital Security Research Group (DSecRG). 2) Dmitriy Evdokimov, Digital Security Research Group (DSecRG). 3, 6, 7) Alexandr Polyakov, Digital Security Research Group (DSecRG). 5) Alexey Tyurin, Digital Security Research Group (DSecRG). ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1589525 https://service.sap.com/sap/support/notes/1616058 https://service.sap.com/sap/support/notes/1580017 https://service.sap.com/sap/support/notes/1583286 https://service.sap.com/sap/support/notes/1572325 https://service.sap.com/sap/support/notes/1546307 https://service.sap.com/sap/support/notes/1569550 Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=341 http://dsecrg.com/pages/vul/show.php?id=340 http://dsecrg.com/pages/vul/show.php?id=339 http://dsecrg.com/pages/vul/show.php?id=338 http://dsecrg.com/pages/vul/show.php?id=337 http://dsecrg.com/pages/vul/show.php?id=336 http://dsecrg.com/pages/vul/show.php?id=335 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 18:48:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 03:48:54 +0100 Subject: [SEC] [SA46856] Fedora update for wireshark Message-ID: <201111160248.pAG2msxf018549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for wireshark SECUNIA ADVISORY ID: SA46856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46856 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for wireshark. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. For more information: SA46644 SOLUTION: Apply updated packages via the yum utility ("yum update wireshark"). ORIGINAL ADVISORY: FEDORA-2011-15338: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069325.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 19:26:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 04:26:33 +0100 Subject: [SEC] [SA46849] SUSE update for acroread Message-ID: <201111160326.pAG3QXsm010237@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for acroread SECUNIA ADVISORY ID: SA46849 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46849/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46849 RELEASE DATE: 2011-11-15 DISCUSS ADVISORY: http://secunia.com/advisories/46849/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46849/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46849 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA45978 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1238-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 19:49:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 04:49:47 +0100 Subject: [SEC] [SA46056] Red Hat Network Satellite Server Multiple Vulnerabilities Message-ID: <201111160349.pAG3nl1C000628@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat Network Satellite Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46056 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46056/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46056 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46056/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46056/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46056 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness and multiple vulnerabilities have been reported in Red Hat Network Satellite Server, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks. 1) Input passed via the "url_bounce" parameter to the log-in page is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. This is related to vulnerability #1 in: SA45010 2) Certain input passed to SystemGroupList.do is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Certain input passed in search result sets (when certain filter options are set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Certain input passed to channels search forms is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Input appended to the URL after help/forgot_password.pxt is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Thomas Biege, SUSE Security Team 2) Daniel Karanja Muturi 3) Nils Juenemann and The Bearded Warriors 4) Nils Juenemann 5) Sylvain Maes ORIGINAL ADVISORY: RHSA-2011:1299-1: https://rhn.redhat.com/errata/RHSA-2011-1299.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 20:14:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 05:14:03 +0100 Subject: [SEC] [SA46053] EMC Ionix Products Two Buffer Overflow Vulnerabilities Message-ID: <201111160414.pAG4E3fl023625@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: EMC Ionix Products Two Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46053 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46053/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46053 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46053/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46053/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46053 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in multiple EMC Ionix products, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA46052 Please see the vendor's advisory for a list of affected products. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri via ZDI. ORIGINAL ADVISORY: EMC (ESA-2011-029): http://archives.neohapsis.com/archives/bugtraq/2011-09/att-0099/ESA-2011-029.txt ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-291 http://www.zerodayinitiative.com/advisories/ZDI-11-292 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 20:49:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 05:49:31 +0100 Subject: [SEC] [SA46052] EMC Ionix Products Service Two Buffer Overflow Vulnerabilities Message-ID: <201111160449.pAG4nVUV014705@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: EMC Ionix Products Service Two Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46052 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46052/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46052 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46052/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46052/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46052 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in multiple EMC Ionix products, which can be exploited by malicious people to compromise a vulnerable system. 1) A boundary error in the brstart.exe service when handling "add_dm" requests can be exploited to cause a heap-based buffer overflow via specially crafted packets sent to TCP port 9002. 2) A boundary error in the brstart.exe service when handling the "sm_read_string_length" value of the authentication portion of a SMARTS request can be exploited to cause a heap-based buffer overflow via specially crafted packets sent to TCP port 9002. Please see the vendor's advisory for a list of affected products. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri via ZDI. ORIGINAL ADVISORY: EMC (ESA-2011-029): http://archives.neohapsis.com/archives/bugtraq/2011-09/att-0099/ESA-2011-029.txt ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-291 http://www.zerodayinitiative.com/advisories/ZDI-11-292 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 21:13:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 06:13:13 +0100 Subject: [SEC] [SA46041] Blue Coat Director Multiple Vulnerabilities Message-ID: <201111160513.pAG5DDor005224@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Blue Coat Director Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46041 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46041/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46041 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46041/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46041/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46041 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Blue Coat has acknowledged multiple vulnerabilities in Blue Coat Director, which can be exploited by malicious people to gain access to sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. 1) An error exists in the bundled version of OpenSSL. For more information: SA8720 2) Multiple errors exists in the bundled version of Apache HTTP Server. For more information: SA30621 SA31384 SA36549 SA36675 SA38852 3) Certain unspecified input related to HTTP TRACE requests is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 5.5.2.3. SOLUTION: Apply interim fixes. Please see the vendor's advisories for details. PROVIDED AND/OR DISCOVERED BY: 3) Reported by the vendor. ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA61 https://kb.bluecoat.com/index?page=content&id=SA62 https://kb.bluecoat.com/index?page=content&id=SA63 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 21:48:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 06:48:30 +0100 Subject: [SEC] [SA45972] RSLogix 5000 Packet Processing Buffer Overflow Vulnerability Message-ID: <201111160548.pAG5mUTM028682@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: RSLogix 5000 Packet Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45972 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45972/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45972 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/45972/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45972/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45972 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in RSLogix 5000, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error in the RnaUtility.dll module when handling a certain size field within packets. This can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to e.g. TCP port 4445. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 17, 18, and 19 (confirmed in 17.00.00 CPR 9 SR 1) and all FactoryTalk-branded software versions CPR9 and CPR9-SR1 through SR4. SOLUTION: Apply patch AID 458689. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Rockwell Automation: http://rockwellautomation.custhelp.com/app/answers/detail/a_id/456065/kw/456065 http://rockwellautomation.custhelp.com/app/answers/detail/a_id/456144 Luigi Auriemma: http://aluigi.altervista.org/adv/rslogix_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 15 22:13:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 07:13:35 +0100 Subject: [SEC] [SA45982] Papoo Light Cross-Site Scripting Vulnerability Message-ID: <201111160613.pAG6DZb5019250@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Papoo Light Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45982 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45982/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45982 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/45982/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45982/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45982 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has reported a vulnerability in Papoo Light, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 4.0. Other versions may also be affected. SOLUTION: Update to version 4.0.8. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: http://www.rul3z.de/advisories/SSCHADV2011-014.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 10:33:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 19:33:38 +0100 Subject: [SEC] [SA46827] HTC HD7 9020002Ch IOCTL Handling Vulnerability Message-ID: <201111161833.pAGIXcHl013974@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HTC HD7 9020002Ch IOCTL Handling Vulnerability SECUNIA ADVISORY ID: SA46827 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46827/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46827 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46827/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46827/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46827 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alex Plaskett has reported a vulnerability in HTC HD7, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the HTCUtility.dll driver when processing the 0x9020002C IOCTL and can be exploited to read certain data from or write certain data to arbitrary kernel memory. Successful exploitation requires tricking a user into installing a malicious application. SOLUTION: Update to the latest version. PROVIDED AND/OR DISCOVERED BY: Alex Plaskett, MWR InfoSecurity. ORIGINAL ADVISORY: MWR InfoSecurity: http://labs.mwrinfosecurity.com/files/Advisories/mwri_htc-htcutility-kernmem_2011-11-10.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 11:33:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 20:33:49 +0100 Subject: [SEC] [SA46866] Ubuntu update for lightdm Message-ID: <201111161933.pAGJXn9L006331@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for lightdm SECUNIA ADVISORY ID: SA46866 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46866/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46866 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46866/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46866/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46866 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for lightdm. This fixes two security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA46712 SA46868 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1262-1: http://www.ubuntu.com/usn/usn-1262-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 12:34:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 21:34:17 +0100 Subject: [SEC] [SA46837] IBM WebSphere MQ Control Commands Security Bypass Security Issue Message-ID: <201111162034.pAGKYHlD031097@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM WebSphere MQ Control Commands Security Bypass Security Issue SECUNIA ADVISORY ID: SA46837 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46837/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46837 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46837/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46837/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46837 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IBM WebSphere MQ, which can be exploited by malicious, local users to bypass certain security restrictions. The security issue is caused due to access not being restricted on certain WebSphere MQ control commands and can be exploited to e.g. stop the command server on the specified queue manager via the ENDMQCSV control command. Successful exploitation requires that the MQM group default rights is set on the system. The security issue is reported in versions 6.0.x. SOLUTION: Apply APAR IC78034 or update to version 6.0.2.11 when available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg1IC78034 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 13:34:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 22:34:40 +0100 Subject: [SEC] [SA46831] LimeSurvey Survey Text Field Tooltip Script Insertion Vulnerability Message-ID: <201111162134.pAGLYeLo023458@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: LimeSurvey Survey Text Field Tooltip Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46831 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46831/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46831 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46831/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46831/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46831 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Joshua Tiago has discovered a vulnerability in LimeSurvey, which can be exploited by malicious people to conduct script insertion attacks. Input passed via certain text fields to surveys is not properly sanitised before being used as tooltip when browsing survey results. This can be exploited to insert HTML and script code, which will be executed in an administrative user's browser session in context of an affected site if malicious data is viewed. The vulnerability is confirmed in version 1.91+ Build 11343-20111108. Prior versions may also be affected. SOLUTION: Update to version 1.91+ Build 11379-20111116 or later. PROVIDED AND/OR DISCOVERED BY: Joshua Tiago, Cirosec via Secunia. ORIGINAL ADVISORY: http://sourceforge.net/projects/limesurvey/files/1._LimeSurvey_stable/1.91%2B/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 14:28:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 23:28:31 +0100 Subject: [SEC] [SA46883] SUSE update for radvd Message-ID: <201111162228.pAGMSVO5015498@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for radvd SECUNIA ADVISORY ID: SA46883 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46883/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46883 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46883/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46883/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46883 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for radvd. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46200 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1245-1: https://hermes.opensuse.org/messages/12386320 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 14:49:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 16 Nov 2011 23:49:05 +0100 Subject: [SEC] [SA46869] SUSE update for mozilla-nss Message-ID: <201111162249.pAGMn5ED005838@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for mozilla-nss SECUNIA ADVISORY ID: SA46869 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46869/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46869 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46869/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46869/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46869 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for mozilla-nss. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information: SA46557 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1241-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00013.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 15:13:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 00:13:52 +0100 Subject: [SEC] [SA46885] SUSE update for MozillaFirefox Message-ID: <201111162313.pAGNDqB4028786@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox SECUNIA ADVISORY ID: SA46885 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46885/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46885 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46885/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46885/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46885 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a user's system. For more information: SA46773 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1243-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00016.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 15:48:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 00:48:28 +0100 Subject: [SEC] [SA46887] ISC BIND Recursive Query Processing Denial of Service Vulnerability Message-ID: <201111162348.pAGNmSFc019847@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ISC BIND Recursive Query Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46887 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46887/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46887 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46887/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46887/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46887 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ISC BIND, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when processing recursive queries. No further information is currently available. NOTE: The vulnerability is currently being actively exploited. The vulnerability is reported in version 9.x. SOLUTION: Restrict access to trusted hosts (a workaround patch is being tested by the vendor). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: https://www.isc.org/software/bind/advisories/cve-2011-tbd OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 16:14:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 01:14:20 +0100 Subject: [SEC] [SA46868] LightDM "~/.dmrc" Privilege Escalation Security Issue Message-ID: <201111170014.pAH0EKhY010475@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: LightDM "~/.dmrc" Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA46868 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46868/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46868 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46868/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46868/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46868 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in LightDM, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to LightDM handling the "~/.dmrc" file as a root user, which can be exploited to read arbitrary files via symlink attacks. The vulnerability is reported in version 1.0.6. Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: Reported by Marc Deslauriers in an Ubuntu bug report. ORIGINAL ADVISORY: https://bugs.launchpad.net/ubuntu/%2Bsource/lightdm/%2Bbug/883865 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 16:49:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 01:49:41 +0100 Subject: [SEC] [SA46884] SUSE update for radvd Message-ID: <201111170049.pAH0nfeL001477@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for radvd SECUNIA ADVISORY ID: SA46884 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46884/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46884 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46884/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46884/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46884 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for radvd. This fixes multiple security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA46200 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1247-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00016.html SUSE-SU-2011:1246-1: https://hermes.opensuse.org/messages/12389064 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 17:19:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 02:19:14 +0100 Subject: [SEC] [SA46843] Seraphim Tech Advanced Upload and Email PHP Script Arbitrary File Upload Vulnerability Message-ID: <201111170119.pAH1JEwg024746@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Seraphim Tech Advanced Upload and Email PHP Script Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46843 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46843/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46843 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46843/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46843/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46843 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Seraphim Tech Advanced Upload and Email PHP Script, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the uploadurl.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Fr0zen_roads ORIGINAL ADVISORY: http://packetstormsecurity.org/files/106965/seraphimtech-shell.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 17:55:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 02:55:29 +0100 Subject: [SEC] [SA46878] Fedora update for krb5 Message-ID: <201111170155.pAH1tTmC015881@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for krb5 SECUNIA ADVISORY ID: SA46878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46878 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for krb5. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46494 SOLUTION: Apply updated packages via the yum utility ("yum update krb5"). ORIGINAL ADVISORY: FEDORA-2011-14650: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069381.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 18:13:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 03:13:16 +0100 Subject: [SEC] [SA46851] Debian update for proftpd-dfsg Message-ID: <201111170213.pAH2DGZ2006092@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for proftpd-dfsg SECUNIA ADVISORY ID: SA46851 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46851/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46851 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46851/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46851/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46851 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for proftpd-dfsg. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA46811 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2346-1: http://lists.debian.org/debian-security-announce/2011/msg00223.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 18:48:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 03:48:17 +0100 Subject: [SEC] [SA46875] InduSoft Web Studio CEServer Security Bypass and Buffer Overflow Vulnerabilities Message-ID: <201111170248.pAH2mHxJ029551@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: InduSoft Web Studio CEServer Security Bypass and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46875 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46875/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46875 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46875/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46875/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46875 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in InduSoft Web Studio, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. For more information: SA46871 The security issue and the vulnerability are reported in version 6.1. SOLUTION: Upgrade to version 7.0 Service Pack 1 Patch 1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI. ORIGINAL ADVISORY: InduSoft: http://www.indusoft.com/hotfixes/hotfixes.php ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 19:20:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 04:20:00 +0100 Subject: [SEC] [SA46871] InduSoft Web Studio CEServer Security Bypass and Buffer Overflow Vulnerabilities Message-ID: <201111170320.pAH3K0gu020914@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: InduSoft Web Studio CEServer Security Bypass and Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA46871 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46871/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46871 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46871/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46871/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46871 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been reported in InduSoft Web Studio, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) An error within the remote agent component (CEServer.exe) when processing incoming requests can be exploited to bypass the authentication mechanism. 2) A boundary error within the remote agent component (CEServer.exe) when handling the remove file operation (0x15) can be exploited to cause a stack-based buffer overflow. Successful exploitation of this vulnerability may allow execution of arbitrary code. The security issue and the vulnerability are reported in versions prior to 7.0 Service Pack 1 Patch 1. SOLUTION: Apply Service Pack 1 Patch 1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luigi Auriemma via ZDI. ORIGINAL ADVISORY: InduSoft: http://www.indusoft.com/hotfixes/hotfixes.php ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-319-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 19:55:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 04:55:43 +0100 Subject: [SEC] [SA46863] SUSE update for MozillaFirefox Message-ID: <201111170355.pAH3thom012023@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox SECUNIA ADVISORY ID: SA46863 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46863/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46863 RELEASE DATE: 2011-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/46863/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46863/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46863 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1242-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00014.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 20:14:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 05:14:26 +0100 Subject: [SEC] [SA46009] WordPress WP e-Commerce Plugin "transaction_id" Two SQL Injection Vulnerabilities Message-ID: <201111170414.pAH4EQtE002196@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress WP e-Commerce Plugin "transaction_id" Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46009 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46009/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46009 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46009/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46009/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46009 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered two vulnerabilities in the WP e-Commerce plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "transaction_id" parameter to index.php (when "chronopay_callback" is set to "true" and "transaction_type" is set to "onetime", "initial", or "rebill") is not properly sanitised in wp-content/plugins/wp-e-commerce/wpsc-merchants/chronopay.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed via the "transaction_id" parameter to index.php (when "chronopay_callback" is set to "true" and "transaction_type" is set to "Pending") is not properly sanitised in wp-content/plugins/wp-e-commerce/wpsc-merchants/chronopay.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 3.8.6. Prior versions may also be affected. SOLUTION: Update to version 3.8.6.1. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: WP e-Commerce: http://getshopped.org/getshopped-news/wp-e-commerce-3-8-6-1-and-3-7-8-1-mandatory-security-update/ http://wordpress.org/extend/plugins/wp-e-commerce/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=438317%40wp-e-commerce&old=438316%40wp-e-commerce Miroslav Stampar: http://unconciousmind.blogspot.com/2011/09/wordpress-wp-e-commerce-plugin-386-sql.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 20:48:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 05:48:29 +0100 Subject: [SEC] [SA46034] Colasoft Capsa SNMP Packet Processing Denial of Service Vulnerability Message-ID: <201111170448.pAH4mTj6025675@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Colasoft Capsa SNMP Packet Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46034 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46034/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46034 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46034/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46034/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46034 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Colasoft Capsa, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error within the SNMPv1 protocol dissector and can be exploited to cause a crash via a specially crafted packet. The vulnerability is reported in version 7.2.1. Other versions may also be affected. SOLUTION: Do not analyse SNMPv1 packets. PROVIDED AND/OR DISCOVERED BY: Penetration test team, NCNIPC (China). ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-09/0088.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 21:15:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 06:15:07 +0100 Subject: [SEC] [SA45962] MetaStock File Processing Use-After-Free Vulnerability Message-ID: <201111170515.pAH5F71W016328@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: MetaStock File Processing Use-After-Free Vulnerability SECUNIA ADVISORY ID: SA45962 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45962 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/45962/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45962/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45962 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has reported a vulnerability in MetaStock, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a use-after-free error when processing certain files and can be exploited to dereference already freed memory via e.g. a specially crafted ".mwl" file. Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file. The vulnerability is reported in version 11. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/metastock_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 21:47:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 06:47:58 +0100 Subject: [SEC] [SA46055] SAP Crystal Reports "service" Cross-Site Scripting Vulnerability Message-ID: <201111170547.pAH5lwp6007299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SAP Crystal Reports "service" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46055 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46055/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46055 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46055/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46055/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46055 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SAP Crystal Reports, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "service" parameter to pubDBLogon.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply fixes. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: Dmitriy Chastuchin, Digital Security Research Group. ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1562292 Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=333 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 16 22:15:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 07:15:38 +0100 Subject: [SEC] [SA46045] SAP NetWeaver ipcpricing Information Disclosure Vulnerability Message-ID: <201111170615.pAH6Fc7m030379@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver ipcpricing Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA46045 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46045/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46045 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46045/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46045/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46045 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SAP NetWeaver, which an be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to an unspecified error within the com.sap.ipc.webapp.ipcpricing application. No further information is currently available. SOLUTION: Apply fixes. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: Dmitriy Chastuchin, Digital Security Research Group. ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1545883 Digital Security Research Group: http://dsecrg.com/pages/vul/show.php?id=332 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 10:34:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 19:34:30 +0100 Subject: [SEC] [SA46861] V-CMS Multiple Vulnerabilities Message-ID: <201111171834.pAHIYUfk025028@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: V-CMS Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46861 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46861/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46861 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46861/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46861/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46861 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AutoSec Tools has discovered multiple vulnerabilities in V-CMS, which can be exploited by malicious people to conduct cross-site scripting attacks, SQL injection attacks, and compromise a vulnerable system. 1) Input passed via the "p" parameter to redirect.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "box" parameter to includes/TrueColorPicker/index.php is not properly sanitised in includes/TrueColorPicker/class.TrueColorPicker.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "user" parameter to process.php is not properly sanitised in session.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 4) The includes/inline_image_upload.php script allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script. The vulnerabilities are confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to the includes/inline_image_upload.php script (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: AutoSec Tools ORIGINAL ADVISORY: http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234 http://www.autosectools.com/Advisory/V-CMS-1.0-SQL-Injection-235 http://www.autosectools.com/Advisory/V-CMS-1.0-Arbitrary-Upload-236 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 11:52:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 20:52:46 +0100 Subject: [SEC] [SA46798] nginx DNS Response Handling Buffer Overflow Vulnerability Message-ID: <201111171952.pAHJqkET008417@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: nginx DNS Response Handling Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46798 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46798/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46798 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46798/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46798/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46798 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in nginx, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "ngx_resolver_copy()" function (ngx_resolver.c) when handling DNS responses. This can be exploited to cause a heap-based buffer overflow via a specially crafted DNS response. Successful exploitation may allow execution of arbitrary code but requires that the custom DNS resolver is enabled (disabled by default). The vulnerability is reported in versions prior to 1.0.10. SOLUTION: Update to version 1.0.10. PROVIDED AND/OR DISCOVERED BY: Ben Hawkes ORIGINAL ADVISORY: nginx: http://nginx.org/en/CHANGES-1.0 Ben Hawkes: http://www.openwall.com/lists/oss-security/2011/11/17/8 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 12:46:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 21:46:36 +0100 Subject: [SEC] [SA46886] Dovecot Common Name Verification Security Issue Message-ID: <201111172046.pAHKkanG006034@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Dovecot Common Name Verification Security Issue SECUNIA ADVISORY ID: SA46886 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46886/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46886 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46886/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46886/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46886 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Dovecot, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due the application not properly checking if the "Common Name" field provided inside SSL server certificates matches the requested hostname of a server. This can be exploited to e.g. conduct Man-in-the-Middle (MitM) attacks. Successful exploitation requires that the application is configured to check for certificates. The security issue is reported in versions prior to 2.0.16. SOLUTION: Update to version 2.0.16. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.dovecot.org/list/dovecot-news/2011-November/000200.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 13:33:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 22:33:01 +0100 Subject: [SEC] [SA46891] Red Hat update for JBoss Enterprise SOA Platform Message-ID: <201111172133.pAHLX1ur030087@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for JBoss Enterprise SOA Platform SECUNIA ADVISORY ID: SA46891 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46891/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46891 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46891/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46891/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46891 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise SOA Platform. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed via regular expressions to the scripting_chain application is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Updated packages are available via Red Hat Customer Portal. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: RHSA-2011:1456-1: https://rhn.redhat.com/errata/RHSA-2011-1456.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 14:58:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 23:58:33 +0100 Subject: [SEC] [SA46903] Juniper Junos IPv6 Over IPv4 Tunnel Security Policy Bypass Vulnerability Message-ID: <201111172258.pAHMwXXb012688@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Juniper Junos IPv6 Over IPv4 Tunnel Security Policy Bypass Vulnerability SECUNIA ADVISORY ID: SA46903 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46903/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46903 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46903/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46903/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46903 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Juniper Junos, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when enforcing security policies on IPv6 over IPv4 tunnels. This can lead to certain security policies not being enforced properly on IPv6 datagrams. The vulnerability is reported in version 10.2R2. Other versions may also be affected. SOLUTION: Reportedly fixed in 10.2R3 (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.juniper.net/alerts/viewalert.jsp?txtAlertNumber=PSN-2011-07-299&viewMode=view OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 14:58:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 17 Nov 2011 23:58:22 +0100 Subject: [SEC] [SA46854] Infoblox Trinzic NetMRI Two Cross-Site Scripting Vulnerabilities Message-ID: <201111172258.pAHMwMSg012509@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Infoblox Trinzic NetMRI Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46854 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46854/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46854 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46854/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46854/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46854 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Jose Carlos de Arriba has discovered two vulnerabilities in Infoblox Trinzic NetMRI, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "mode" and "eulaAccepted" POST parameters in netmri/config/userAdmin/login.tdf is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 6.2.1.48. Other versions may also be affected. SOLUTION: Reportedly fixed in version 6.2.2. PROVIDED AND/OR DISCOVERED BY: Jose Carlos de Arriba ORIGINAL ADVISORY: http://foregroundsecurity.com/secure-coding-and-security-qa/111-infoblox-netmri-621-612-and-60242-multiple-cross-site-scripting-xss OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 15:29:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 00:29:48 +0100 Subject: [SEC] [SA46840] ReviewBoard Diff and Screenshot Comments Script Insertion Vulnerabilities Message-ID: <201111172329.pAHNTmSG003891@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ReviewBoard Diff and Screenshot Comments Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46840 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46840/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46840 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46840/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46840/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46840 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in ReviewBoard, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input when commenting on a diff or a screenshot is not properly sanitised in reviewboard/reviews/templatetags/reviewtags.py before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in versions prior to 1.6.3. SOLUTION: Update to version 1.6.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Damian Johnson. ORIGINAL ADVISORY: http://www.reviewboard.org/docs/releasenotes/dev/reviewboard/1.6.3/ https://github.com/reviewboard/reviewboard/commit/7a0a9d94555502278534dedcf2d75e9fccce8c3d OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 15:49:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 00:49:20 +0100 Subject: [SEC] [SA46895] Ubuntu update for openjdk-6 Message-ID: <201111172349.pAHNnKvd026568@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openjdk-6 SECUNIA ADVISORY ID: SA46895 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46895/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46895 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46895/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46895/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46895 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openjdk-6. This fixes a security issue and multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, hijack a user's session, conduct DNS cache poisoning attacks, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA46512 SA46789 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1263-1: http://www.ubuntu.com/usn/usn-1263-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 16:13:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 01:13:31 +0100 Subject: [SEC] [SA46902] eTrust Directory SNMP Packet Parsing Denial of Service Vulnerability Message-ID: <201111180013.pAI0DVme017102@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: eTrust Directory SNMP Packet Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46902 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46902/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46902 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46902/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46902/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46902 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in eTrust Directory, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46822 The vulnerability is reported in version 8.1. SOLUTION: Upgrade to CA Directory version 12 SP7 CR1 (build 6279). PROVIDED AND/OR DISCOVERED BY: The vendor credits nabCERT, National Australia Bank. ORIGINAL ADVISORY: CA20111116-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={286545DB-00B9-4B4C-8DE7-F00827F3CC75} OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 16:48:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 01:48:08 +0100 Subject: [SEC] [SA46822] CA Directory SNMP Packet Parsing Denial of Service Vulnerability Message-ID: <201111180048.pAI0m8Bh008172@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CA Directory SNMP Packet Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46822 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46822 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46822/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46822/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46822 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in CA Directory, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a boundary error within the parsing of SNMP packets and can be exploited to cause a crash by sending a specially crafted SNMP packet. The vulnerability is reported in versions r12 SP1 through SP7. Please see the vendor's advisory for the list of affected products. SOLUTION: Apply patch (please see the vendor's advisory for more information). PROVIDED AND/OR DISCOVERED BY: The vendor credits nabCERT, National Australia Bank. ORIGINAL ADVISORY: CA20111116-01: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={286545DB-00B9-4B4C-8DE7-F00827F3CC75} OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 17:15:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 02:15:02 +0100 Subject: [SEC] [SA46879] Attachmate Reflection FTP Client Response Processing Buffer Overflow Vulnerability Message-ID: <201111180115.pAI1F2t3031206@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Attachmate Reflection FTP Client Response Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46879 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Protek Research Lab's has discovered a vulnerability in Reflection for Secure IT, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the Reflection FTP client in rftpcom.dll when processing filenames within a directory listing. This can be exploited to cause a stack-based buffer overflow via a specially crafted FTP LIST command response. Successful exploitation allows execution of arbitrary code, but requires tricking a user into connecting to a malicious server. The vulnerability is confirmed in version 7.2.0.106 (Reflection FTP Client version 14.1.70). Other versions may also be affected. SOLUTION: Do not connect to untrusted FTP servers. PROVIDED AND/OR DISCOVERED BY: Francis Provencher, Protek Research Lab's ORIGINAL ADVISORY: http://www.protekresearchlab.com/index.php?option=com_content&view=article&id=29&Itemid=29 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 17:48:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 02:48:21 +0100 Subject: [SEC] [SA46829] Debian update for bind9 Message-ID: <201111180148.pAI1mL0n022207@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for bind9 SECUNIA ADVISORY ID: SA46829 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46829 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46829/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46829/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46829 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2347-1: http://www.debian.org/security/2011/dsa-2347 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 18:13:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 03:13:24 +0100 Subject: [SEC] [SA46892] Red Hat update for freetype Message-ID: <201111180213.pAI2DOsl012762@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for freetype SECUNIA ADVISORY ID: SA46892 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46892/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46892 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46892/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46892/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46892 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA46839 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1455-01: https://rhn.redhat.com/errata/RHSA-2011-1455.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 18:48:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 03:48:06 +0100 Subject: [SEC] [SA46860] SUSE update for icedtea-web Message-ID: <201111180248.pAI2m6j3003827@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for icedtea-web SECUNIA ADVISORY ID: SA46860 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46860/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46860 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46860/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46860/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46860 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for icedtea-web. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA46789 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1251-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00019.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 19:20:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 04:20:32 +0100 Subject: [SEC] [SA46865] IBM Lotus Mobile Connect Redirect URL Cross-Site Scripting Vulnerability Message-ID: <201111180320.pAI3KWQO027680@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM Lotus Mobile Connect Redirect URL Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46865 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46865 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46865/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46865/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46865 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Lotus Mobile Connect, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to the redirect URL for HTTP access services is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.1.4 build 20110909. SOLUTION: Update to version 6.1.4 build 20110909. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IV07148): http://www.ibm.com/support/docview.wss?uid=swg27020327 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 19:47:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 04:47:39 +0100 Subject: [SEC] [SA46890] Ubuntu update for bind9 Message-ID: <201111180347.pAI3ldw0018349@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for bind9 SECUNIA ADVISORY ID: SA46890 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46890/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46890 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46890/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46890/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46890 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1264-1: http://www.ubuntu.com/usn/usn-1264-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 20:12:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 05:12:33 +0100 Subject: [SEC] [SA46897] HP-UX System Administration Manager Unspecified Privilege Escalation Vulnerability Message-ID: <201111180412.pAI4CXGf008921@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP-UX System Administration Manager Unspecified Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA46897 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46897/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46897 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46897/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46897/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46897 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an unspecified error within the System Administration Manager (SAM). No further information is currently available. The vulnerability is reported in versions B.11.11, B.11.23, and B.11.31 running EMS prior to version A.04.20.11.04_01. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBUX02724 SSRT100650: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03089106 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 20:48:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 05:48:17 +0100 Subject: [SEC] [SA46477] DVR Remote ActiveX Control DVRobot Library Loading Vulnerability Message-ID: <201111180448.pAI4mHxI032411@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: DVR Remote ActiveX Control DVRobot Library Loading Vulnerability SECUNIA ADVISORY ID: SA46477 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46477/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46477 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46477/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46477/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46477 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered a vulnerability in DVR Remote ActiveX Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to DVRobot.dll automatically being downloaded from the "manifest" folder of a web server invoking the ActiveX control after which the library file is loaded and some of its functions called. Successful exploitation allows execution of arbitrary code via a specially crafted web page and hosted DVRobot.dll file. The vulnerability is confirmed in version 2.1.0.39. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Carsten Eiram, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-80/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 21:16:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 06:16:17 +0100 Subject: [SEC] [SA46900] SUSE update for mysql Message-ID: <201111180516.pAI5GH8K023136@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for mysql SECUNIA ADVISORY ID: SA46900 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46900/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46900 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46900/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46900/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46900 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for mysql. This fixes multiple vulnerabilities, which can be exploited by malicious users to gain escalated privileges or cause a DoS (Denial of Service). For more information: SA41716 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1252-1: https://hermes.opensuse.org/messages/12445264 openSUSE-SU-2011:1250-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00018.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 21:47:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 06:47:39 +0100 Subject: [SEC] [SA46889] Google Chrome V8 Memory Corruption Vulnerability Message-ID: <201111180547.pAI5ldVU014039@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Google Chrome V8 Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA46889 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46889/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46889 RELEASE DATE: 2011-11-17 DISCUSS ADVISORY: http://secunia.com/advisories/46889/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46889/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46889 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Google Chrome, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in V8 (JavaScript engine) and can be exploited to cause an out of bounds write and corrupt memory. Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 15.0.874.121. PROVIDED AND/OR DISCOVERED BY: The vendor credits Christian Holler. ORIGINAL ADVISORY: http://googlechromereleases.blogspot.com/2011/11/stable-channel-update_16.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 17 22:13:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 07:13:03 +0100 Subject: [SEC] [SA46035] Oracle Solaris Mozilla Thunderbird Multiple Vulnerabilities Message-ID: <201111180613.pAI6D3am004608@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Mozilla Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46035 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46035 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46035/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46035/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46035 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged multiple vulnerabilities in Mozilla Thunderbird included in Solaris, which can be exploited by malicious people to compromise a user's system. For more information: SA44407 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_thunderbird OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 10:34:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 19:34:27 +0100 Subject: [SEC] [SA46880] webERP Multiple Vulnerabilities Message-ID: <201111181834.pAIIYRrp031796@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: webERP Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46880 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a security issue and multiple vulnerabilities in webERP, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to disclose certain system information and conduct cross-site scripting attacks. 1) Input appended to the URL after e.g. index.php, doc/manual/manualcontents.php, AccountGroups.php, AccountSections.php, AddCustomerContacts.php, AddCustomerNotes.php, Areas.php, AddCustomerTypeNotes.php, AgedDebtors.php, and AgedSuppliers.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. NOTE: Other scripts may also be affected. 2) Input passed to the "reportid" parameter in reportwriter/ReportMaker.php (when "action" is set to "go") and the "ReportID" POST parameter in reportwriter/FormMaker.php (when "todo" is set to "Criteria Setup" and "FormID" is set to a valid value) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 3) The application does not properly restrict access to phpinfo.php, which can be exploited to disclose certain system information. The security issue and the vulnerabilities are confirmed in version 4.05. Prior versions may also be affected. SOLUTION: Fixed in version 4.06RC2. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB23055: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_weberp.html webERP: http://www.weberp.org/HomePage?time=2011-11-12+19%3A42%3A14 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 11:33:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 20:33:35 +0100 Subject: [SEC] [SA46899] Pale Moon Multiple Vulnerabilities Message-ID: <201111181933.pAIJXZJo024111@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Pale Moon Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46899 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46899/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46899 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46899/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46899/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46899 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Pale Moon, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a user's system. For more information: SA46757 SOLUTION: Update to version 3.6.27. ORIGINAL ADVISORY: http://www.palemoon.org/releasenotes.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 12:34:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 21:34:48 +0100 Subject: [SEC] [SA46894] GoAhead WebServer Multiple Script Insertion Vulnerabilities Message-ID: <201111182034.pAIKYmoq016529@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GoAhead WebServer Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46894 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46894 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46894/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46894/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46894 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in GoAhead WebServer, which can be exploited by malicious people to conduct script insertion attacks. 1) Input passed via the "group" POST parameter to goform/AddGroup (when "ok" is set to "OK") when adding a group is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Input passed via the "url" POST parameter to goform/AddAccessLimit (when "ok" is set to "OK") when adding an access limit is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 3) Input passed via the "user" POST parameter to goform/AddUser (when "ok" is set to "OK") when adding a user is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 2.1.8. Prior versions may also be affected. SOLUTION: Update to version 2.5. PROVIDED AND/OR DISCOVERED BY: US-CERT credits Silent Dream ORIGINAL ADVISORY: http://www.kb.cert.org/vuls/id/384427 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 13:34:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 22:34:34 +0100 Subject: [SEC] [SA46909] Ubuntu update for system-config-printer Message-ID: <201111182134.pAILYYft008863@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for system-config-printer SECUNIA ADVISORY ID: SA46909 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46909/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46909 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46909/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46909/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46909 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for system-config-printer. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the cupshelpers scripts using a HTTP request to check for printer drivers within the OpenPrinting database and can be exploited to e.g. spoof and install altered packages via Man-in-the-Middle (MitM) attacks. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1265-1: http://www.ubuntu.com/usn/usn-1265-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 14:28:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 23:28:57 +0100 Subject: [SEC] [SA46896] GoAhead WebServer "name" and "address" Cross-Site Scripting Vulnerabilities Message-ID: <201111182228.pAIMSveH000869@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GoAhead WebServer "name" and "address" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46896 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46896/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46896 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46896/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46896/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46896 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in GoAhead Webserver, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "name" and "address" parameters in goform/formTest is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Prabhu S Angadi, SecPod Technologies ORIGINAL ADVISORY: http://webserver.goahead.com/forum/topic/169 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 14:48:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 18 Nov 2011 23:48:14 +0100 Subject: [SEC] [SA46862] Ubuntu update for freetype Message-ID: <201111182248.pAIMmE0K023597@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for freetype SECUNIA ADVISORY ID: SA46862 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46862/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46862 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46862/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46862/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46862 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA46575 SA46839 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1267-1: http://www.ubuntu.com/usn/usn-1267-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 15:13:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 00:13:23 +0100 Subject: [SEC] [SA46910] Fedora update for squid Message-ID: <201111182313.pAINDNIM014177@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for squid SECUNIA ADVISORY ID: SA46910 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46910/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46910 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46910/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46910/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46910 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46609 SOLUTION: Apply updated packages via the yum utility ("yum update squid"). ORIGINAL ADVISORY: FEDORA-2011-15256: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069398.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 15:48:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 00:48:46 +0100 Subject: [SEC] [SA46901] SUSE update for MozillaFirefox Message-ID: <201111182348.pAINmkEU005275@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for MozillaFirefox SECUNIA ADVISORY ID: SA46901 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46901/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46901 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46901/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46901/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46901 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for MozillaFirefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a user's system. For more information: SA46203 SA46757 SA46773 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1256-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00020.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 16:14:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 01:14:07 +0100 Subject: [SEC] [SA46906] Red Hat update for bind97 Message-ID: <201111190014.pAJ0E7i2028261@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for bind97 SECUNIA ADVISORY ID: SA46906 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46906 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46906/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46906/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46906 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for bind97. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1459-1: https://rhn.redhat.com/errata/RHSA-2011-1459.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 16:48:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 01:48:53 +0100 Subject: [SEC] [SA46905] Red Hat update for bind Message-ID: <201111190048.pAJ0mrCA019325@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for bind SECUNIA ADVISORY ID: SA46905 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46905/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46905 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46905/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46905/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46905 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1458-01: https://rhn.redhat.com/errata/RHSA-2011-1458.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 17:17:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 02:17:06 +0100 Subject: [SEC] [SA46867] IBM WebSphere Application Server JSF Applications Request Handling Information Disclosure Message-ID: <201111190117.pAJ1H6lk010056@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server JSF Applications Request Handling Information Disclosure SECUNIA ADVISORY ID: SA46867 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46867/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46867 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46867/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46867/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46867 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error when handling requests in JavaServer Faces (JSF) applications and can be exploited to disclose the contents of files. The vulnerability is reported in version 8.0.0. SOLUTION: Update to version 8.0.0 Fix Pack 1 (8.0.0.1). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM45992): http://www.ibm.com/support/docview.wss?uid=swg27022958 ISS X-Force: http://xforce.iss.net/xforce/xfdb/70168 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 17:49:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 02:49:04 +0100 Subject: [SEC] [SA46908] Ubuntu update for openldap Message-ID: <201111190149.pAJ1n4nD000908@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for openldap SECUNIA ADVISORY ID: SA46908 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46908/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46908 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46908/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46908/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46908 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). For more information: SA46599 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1266-1: http://www.ubuntu.com/usn/usn-1266-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 18:13:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 03:13:57 +0100 Subject: [SEC] [SA46877] Ruby on Rails Translate Helper Method Cross-Site Scripting Vulnerability Message-ID: <201111190213.pAJ2DvIp023941@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ruby on Rails Translate Helper Method Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46877 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46877/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46877 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46877/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46877/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46877 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Ruby on Rails, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to the translate helper method is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Successful exploitation requires that rails_xss plugin is used. The vulnerability is reported in versions prior to 3.0.11 and 3.1.2 SOLUTION: Update to version 3.0.11 or 3.1.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Sergey Nartimov. ORIGINAL ADVISORY: http://weblog.rubyonrails.org/2011/11/18/rails-3-1-2-has-been-released http://weblog.rubyonrails.org/2011/11/18/rails-3-0-11-has-been-released http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 18:48:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 03:48:23 +0100 Subject: [SEC] [SA46907] SPIP Security Bypass and Cross-Site Scripting Vulnerabilities Message-ID: <201111190248.pAJ2mNsl014981@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SPIP Security Bypass and Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46907 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in SPIP, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. 1) An error within a certain authorisation check can be exploited by a logged-in member to gain administrative privileges. 2) Input passed via the "aide" parameter is not properly sanitised in the "exec_aide_index_dist()" function (ecrire/exec/aide_index.php) before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 2.1.12. SOLUTION: Update to version 2.1.12. PROVIDED AND/OR DISCOVERED BY: The vendor credits High-Tech Bridge SA Security Research Lab. ORIGINAL ADVISORY: http://archives.rezo.net/archives/spip-ann.mbox/GFZZLMG4ZO5MA4KWQ77XEHDM27ZRMCQH/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 19:19:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 04:19:52 +0100 Subject: [SEC] [SA46761] VMware vCenter Update Manager Jetty Directory Traversal Vulnerability Message-ID: <201111190319.pAJ3Jqqt006337@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: VMware vCenter Update Manager Jetty Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA46761 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46761/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46761 RELEASE DATE: 2011-11-18 DISCUSS ADVISORY: http://secunia.com/advisories/46761/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46761/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46761 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Alexey Sintsov has reported a vulnerability in VMware vCenter Update Manager, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due a vulnerability in the bundled Jetty version. For more information see vulnerability #1 in: SA34975 The vulnerability is reported in versions 4.1 prior to Update 2 and 4.0 prior to Update 4. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Alexey Sintsov, Digital Security Research Group. ORIGINAL ADVISORY: VMware (VMSA-2011-0014): http://www.vmware.com/security/advisories/VMSA-2011-0014.html DSECRG-11-042: http://dsecrg.com/pages/vul/show.php?id=342 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 19:48:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 04:48:10 +0100 Subject: [SEC] [SA46000] Oracle Fusion Middleware / Application Server ByteRange Filter Denial of Service Message-ID: <201111190348.pAJ3mAed029451@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Fusion Middleware / Application Server ByteRange Filter Denial of Service SECUNIA ADVISORY ID: SA46000 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46000/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46000 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46000/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46000/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46000 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Oracle Fusion Middleware and Oracle Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 The vulnerability is reported in the following products: * Oracle Fusion Middleware 11g versions 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0. * Oracle Application Server 10g versions 10.1.2.3.0 and 10.1.3.5.0. SOLUTION: Apply patches. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://blogs.oracle.com/security/entry/security_alert_for_cve_2011 http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 20:13:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 05:13:34 +0100 Subject: [SEC] [SA46077] Oracle Solaris w3m SSL Certificate Processing Vulnerability Message-ID: <201111190413.pAJ4DYG3020051@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Solaris w3m SSL Certificate Processing Vulnerability SECUNIA ADVISORY ID: SA46077 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46077/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46077 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46077/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46077/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46077 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in w3m included in Solaris, which can be exploited by malicious people to conduct spoofing attacks. For more information see vulnerability #1 in: SA40134 SOLUTION: Apply bug fix 7008664. ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/cve_2010_2074_improper_input OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 20:48:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 05:48:41 +0100 Subject: [SEC] [SA46084] IBM WebSphere Commerce Dojo Toolkit Redirection Weaknesses and Cross-Site Scripting Message-ID: <201111190448.pAJ4mf2G011133@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Commerce Dojo Toolkit Redirection Weaknesses and Cross-Site Scripting SECUNIA ADVISORY ID: SA46084 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46084/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46084 RELEASE DATE: 2011-09-19 DISCUSS ADVISORY: http://secunia.com/advisories/46084/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46084/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46084 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged some weaknesses and vulnerabilities in IBM WebSphere Commerce, which can be exploited by malicious people to conduct redirection and cross-site scripting attacks. For more information: SA38964 The weaknesses and vulnerabilities are reported in versions prior to 7.0 Feature Pack 3. SOLUTION: Update to Feature Pack 3. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg1JR40578 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 21:13:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 06:13:46 +0100 Subject: [SEC] [SA46030] Red Hat update for JBoss Enterprise Web Server Message-ID: <201111190513.pAJ5Dks6001632@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for JBoss Enterprise Web Server SECUNIA ADVISORY ID: SA46030 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46030/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46030 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46030/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46030/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46030 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise Web Server. This fixes a weakness, which can be exploited by malicious, local users to disclose sensitive information. For more information: SA45641 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1292-1: https://rhn.redhat.com/errata/RHSA-2011-1292.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 21:48:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 06:48:47 +0100 Subject: [SEC] [SA45940] TYPO3 Cache Flooding Denial of Service and SQL Injection Vulnerabilities Message-ID: <201111190548.pAJ5mltY025170@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: TYPO3 Cache Flooding Denial of Service and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA45940 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45940/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45940 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45940/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45940/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45940 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in TYPO3, which can be exploited by malicious people to cause a DoS (Denial of Service) and to conduct SQL injection attacks. 1) An unspecified error when processing an invalid "cHash" parameter (cache hash) can be exploited to flood caching tables of the application. Successful exploitation of this vulnerability requires that $TYPO3_CONF_VARS['FE']['disableNoCacheParameter'] is set to '1'. This vulnerability is reported in versions 4.2.0 through 4.5.5. 2) Certain unspecified input passed to the application is not properly sanitised before being used in prepared queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that two or more parameters are bound to a prepared query and at least two of them are controlled by the attacker. Note: The vendor reports that the TYPO3 Core is not affected by this vulnerability and that there is currently no known vector with regards to extensions from the TYPO3 Extension Repository (TER). This vulnerability is reported in versions 4.5.0 through 4.5.5. SOLUTION: Update to versions 4.3.14, 4.4.11, or 4.5.6. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Daniel Poetzinger 2) Franz G. Jahn ORIGINAL ADVISORY: TYPO3-CORE-SA-2011-002: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-002/ TYPO3-CORE-SA-2011-003: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-003/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 18 22:13:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 07:13:08 +0100 Subject: [SEC] [SA45977] Kolab Server Multiple vulnerabilities Message-ID: <201111190613.pAJ6D8xH015702@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Kolab Server Multiple vulnerabilities SECUNIA ADVISORY ID: SA45977 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45977/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45977 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45977/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45977/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45977 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Kolab has acknowledged multiple vulnerabilities in Kolab Server, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA44874 SA45606 SA45781 SA45938 SOLUTION: Update to version 2.3.3. ORIGINAL ADVISORY: http://kolab.org/pipermail/kolab-announce/2011/000102.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 10:32:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 19:32:38 +0100 Subject: [SEC] [SA46029] Red Hat update for squid Message-ID: <201111191832.pAJIWcQB010394@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for squid SECUNIA ADVISORY ID: SA46029 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46029/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46029 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46029/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46029/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46029 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA45805 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1293-01: https://rhn.redhat.com/errata/RHSA-2011-1293.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 11:31:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 20:31:50 +0100 Subject: [SEC] [SA45936] Linux Kernel CIFS DFS Denial of Service Vulnerability Message-ID: <201111191931.pAJJVoPn002654@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Linux Kernel CIFS DFS Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45936 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45936 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45936/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45936/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45936 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when mounting CIFS shares with certain DFS referrals, which can be exploited to trigger a "BUG_ON()" in a client by tricking the victim into mounting from a malicious server. SOLUTION: https://github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33 PROVIDED AND/OR DISCOVERED BY: Reported by Yogesh Sharma in a Red Hat bug. ORIGINAL ADVISORY: Red Hat bug #682829: https://bugzilla.redhat.com/show_bug.cgi?id=682829 https://github.com/torvalds/linux/commit/70945643722ffeac779d2529a348f99567fa5c33 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 12:32:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 21:32:22 +0100 Subject: [SEC] [SA45951] SAP NetWeaver Web Application Server Multiple Vulnerabilities Message-ID: <201111192032.pAJKWMlx027470@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SAP NetWeaver Web Application Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45951 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45951/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45951 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45951/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45951/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45951 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SAP NetWeaver Web Application Server, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting attacks, and cause a DoS (Denial of Service). 1) An error exists within the cachetest service, which can be exploited to render the ERP functionality unavailable. 2) Certain input passed to the WEBRFC ICF service is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) An error within the SHORTCUT ICF service can be exploited to disclose certain sensitive information. The vulnerabilities are reported in SAP Web Application Server 7.00 Patch Number 95. Other versions may also be affected. SOLUTION: Apply fixes. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: Mariano Nunez Di Croce, Onapsis. ORIGINAL ADVISORY: SAP: https://service.sap.com/sap/support/notes/1553930 https://service.sap.com/sap/support/notes/1536640 https://service.sap.com/sap/support/notes/1556749 Onapsis: http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-014 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-015 http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2011-016 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 13:32:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 22:32:17 +0100 Subject: [SEC] [SA45992] Ubuntu update for librsvg Message-ID: <201111192132.pAJLWHEF019812@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for librsvg SECUNIA ADVISORY ID: SA45992 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45992/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45992 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45992/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45992/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45992 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for librsvg. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA45877 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1206-1: http://www.ubuntu.com/usn/usn-1206-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 14:25:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 23:25:32 +0100 Subject: [SEC] [SA45985] HP Network Node Manager Multiple Vulnerabilities Message-ID: <201111192225.pAJMPWWa011834@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Network Node Manager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45985 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45985/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45985 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45985/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45985/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45985 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged some vulnerabilities in Network Node Manager i, which can be exploited by malicious people to potentially disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user's system. For more information: SA37231 The vulnerabilities are reported in versions 8.1.x and 9.0.x. SOLUTION: Apply hotfixes. Please contact HP Services support channel for details. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: HPSBMU02703 SSRT100242: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03005726 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 14:47:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 19 Nov 2011 23:47:54 +0100 Subject: [SEC] [SA45967] Cogent Products Multiple Vulnerabilities Message-ID: <201111192247.pAJMlsuA002186@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Cogent Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45967 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45967/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45967 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45967/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45967/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45967 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in some Cogent products, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system and by malicious people to compromise a vulnerable system. 1) A boundary error when processing certain commands can be exploited to cause a stack-based buffer overflow by e.g. sending specially crafted "domain", "report_domain", "register_datahub", or "slave" commands to TCP ports 4502 (plain text) or 4503 (SSL). 2) An input validation error in the webserver can be exploited to disclose arbitrary files via directory traversal attacks. 3) An integer overflow error in the webserver when handling the HTTP "Content-Length" header can be exploited to cause a heap-based buffer overflow by sending specially crafted HTTP requests. 4) An error within the webserver when handling requests ending with certain characters can be exploited to e.g. disclose the source code of .ASP scripts by appending "+", "%20", or "%2e" to the requested URL. Vulnerabilities #2 through #4 may require valid credentials to the internal webserver. The vulnerabilities are reported in the following products: * Cogent DataHub versions prior to 7.1.2 (confirmed in 7.1.1.63). * OPC DataHub versions prior to 6.4.20. * Cascade DataHub versions prior to 6.4.20. SOLUTION: Update to version 7.1.2 or 6.4.20. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/cogent_1-adv.txt http://aluigi.altervista.org/adv/cogent_2-adv.txt http://aluigi.altervista.org/adv/cogent_3-adv.txt http://aluigi.altervista.org/adv/cogent_4-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 15:11:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Nov 2011 00:11:46 +0100 Subject: [SEC] [SA46013] Apache HTTP Server mod_proxy_ajp Denial of Service Vulnerability Message-ID: <201111192311.pAJNBkjn025164@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server mod_proxy_ajp Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46013 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46013/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46013 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/46013/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46013/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46013 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the processing of malformed HTTP requests in mod_proxy_ajp when being used in combination with mod_proxy_balancer. This can be exploited to put a backend server into an error state by sending specially crafted HTTP requests, resulting in a temporary DoS until the retry timeout expires. The vulnerability is reported in versions 2.2.12, 2.2.13, 2.2.14, 2.2.15, 2.2.16, 2.2.17, 2.2.18, 2.2.19, and 2.2.20. SOLUTION: Update to version 2.2.21. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Nov 19 15:46:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 20 Nov 2011 00:46:59 +0100 Subject: [SEC] [SA45891] Microsoft Windows WINS Privilege Escalation Vulnerability Message-ID: <201111192346.pAJNkx53016242@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows WINS Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA45891 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45891/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45891 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45891/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45891/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45891 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Core Security Technologies has reported a vulnerability in Microsoft Windows, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error in the Windows Internet Name Service (WINS) and can be exploited via a specially crafted sequence of WINS replication packets sent to the loopback interface. Successful exploitation may allow execution of arbitrary code with the privileges of the WINS service. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Nicolas Economou, Core Security Technologies. ORIGINAL ADVISORY: MS11-070 (KB2571621): http://technet.microsoft.com/en-us/security/bulletin/ms11-070 Core Security Technologies: http://www.coresecurity.com/content/ms-wins-ecommenddlg-input-validation OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 10:32:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Nov 2011 19:32:45 +0100 Subject: [SEC] [SA46965] Fedora update for proftpd Message-ID: <201111211832.pALIWjNZ006516@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for proftpd SECUNIA ADVISORY ID: SA46965 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46965/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46965 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46965/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46965/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46965 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA46811 SOLUTION: Apply updated packages via the yum utility ("yum update proftpd"). ORIGINAL ADVISORY: FEDORA-2011-15741: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069446.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 11:33:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Nov 2011 20:33:14 +0100 Subject: [SEC] [SA46933] Gentoo update for chromium and v8 Message-ID: <201111211933.pALJXECf031274@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for chromium and v8 SECUNIA ADVISORY ID: SA46933 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46933/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46933 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46933/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46933/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46933 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for chromium and v8. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA46815 SA46889 SOLUTION: Update to "www-client/chromium-15.0.874.121" or later and "dev-lang/v8-3.5.10.24" or later. ORIGINAL ADVISORY: GLSA 201111-05: http://www.gentoo.org/security/en/glsa/glsa-201111-05.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 12:32:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Nov 2011 21:32:27 +0100 Subject: [SEC] [SA46917] SUSE update for acroread Message-ID: <201111212032.pALKWR5h023595@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for acroread SECUNIA ADVISORY ID: SA46917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46917 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for acroread. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA45978 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SA:2011:044: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 13:32:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Nov 2011 22:32:52 +0100 Subject: [SEC] [SA46937] Zenprise Device Manager Web Console Cross-Site Request Forgery Vulnerability Message-ID: <201111212132.pALLWqFG015979@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Zenprise Device Manager Web Console Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA46937 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46937/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46937 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46937/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46937/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46937 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Zenprise Device Manager, which can be exploited by malicious people to conduct cross-site request forgery attacks. The web console allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute commands on a device by tricking an administrative user into visiting a malicious web site. The vulnerability is reported in versions 6.0 through 6.1.8. SOLUTION: Apply patch Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: US-CERT credits Laurent Oudot, TEHTRI-Security. ORIGINAL ADVISORY: US-CERT (VU#584363): http://www.kb.cert.org/vuls/id/584363 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 14:26:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Nov 2011 23:26:05 +0100 Subject: [SEC] [SA46966] Fedora update for moodle Message-ID: <201111212226.pALMQ5XW007991@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for moodle SECUNIA ADVISORY ID: SA46966 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46966/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46966 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46966/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46966/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46966 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for moodle. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, manipulate certain data, and cause a DoS (Denial of Service) and by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. For more information: SA46427 SOLUTION: Apply updated packages via the yum utility ("yum update moodle"). ORIGINAL ADVISORY: FEDORA-2011-14732: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069438.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 14:46:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 21 Nov 2011 23:46:38 +0100 Subject: [SEC] [SA46920] Debian update for systemtap Message-ID: <201111212246.pALMkcxI030715@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for systemtap SECUNIA ADVISORY ID: SA46920 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46920/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46920 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46920/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46920/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46920 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for systemtap. This fixes a security issue and two vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service). For more information: SA42256 SA45377 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2348-1: http://www.debian.org/security/2011/dsa-2348 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 15:12:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 00:12:06 +0100 Subject: [SEC] [SA46927] Gentoo update for evince Message-ID: <201111212312.pALNC689021321@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for evince SECUNIA ADVISORY ID: SA46927 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46927/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46927 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46927/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46927/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46927 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for evince. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. For more information: SA42769 SOLUTION: Update to "app-text/evince-2.32.0-r2" or later. ORIGINAL ADVISORY: GLSA 201111-10: http://www.gentoo.org/security/en/glsa/glsa-201111-10.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 15:49:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 00:49:24 +0100 Subject: [SEC] [SA46921] Debian update for freetype Message-ID: <201111212349.pALNnObB012520@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for freetype SECUNIA ADVISORY ID: SA46921 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46921/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46921 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46921/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46921/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46921 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA46839 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2350-1: http://www.debian.org/security/2011/dsa-2350 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 16:12:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 01:12:23 +0100 Subject: [SEC] [SA46955] GNU Gnash Cookie Disclosure Security Issue Message-ID: <201111220012.pAM0CNjt002952@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: GNU Gnash Cookie Disclosure Security Issue SECUNIA ADVISORY ID: SA46955 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46955 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46955/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46955/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46955 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in GNU Gnash, which can be exploited by malicious, local users to disclose sensitive information. The security issue is caused due to the application creating cookie files with insecure permissions. This can be exploited to disclose another user's session information. The security issue is reported in version 0.8.9. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported in a Debian bug by Alexander Kurtz. ORIGINAL ADVISORY: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649384 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 16:46:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 01:46:57 +0100 Subject: [SEC] [SA46962] Fedora update for drupal-views Message-ID: <201111220046.pAM0kvHZ026440@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for drupal-views SECUNIA ADVISORY ID: SA46962 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46962/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46962 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46962/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46962/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46962 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for drupal-views. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks. For more information: SA46680 SOLUTION: Apply updated packages via the yum utility ("yum update drupal-views"). ORIGINAL ADVISORY: FEDORA-2011-15399: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069499.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 17:14:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 02:14:21 +0100 Subject: [SEC] [SA46923] Debian update for spip Message-ID: <201111220114.pAM1ELup017156@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for spip SECUNIA ADVISORY ID: SA46923 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46923/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46923 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46923/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46923/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46923 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for spip. This fixes two vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks. For more information: SA46907 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2349-1: http://www.debian.org/security/2011/dsa-2349 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 17:46:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 02:46:23 +0100 Subject: [SEC] [SA46904] syslog-ng Premium Edition OpenSSL ClientHello Handshake Message Parsing Vulnerability Message-ID: <201111220146.pAM1kNF1008087@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: syslog-ng Premium Edition OpenSSL ClientHello Handshake Message Parsing Vulnerability SECUNIA ADVISORY ID: SA46904 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46904/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46904 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46904/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46904/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46904 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: BalaBit has acknowledged a vulnerability in syslog-ng Premium Edition, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service). For more information: SA43227 SOLUTION: Update to version 3.0.7b and 4 LTS (4.0.3b) or 4 F1 (4.1.2a). ORIGINAL ADVISORY: https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-November/000127.html https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-November/000128.html https://lists.balabit.hu/pipermail/syslog-ng-announce/2011-November/000129.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 18:11:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 03:11:59 +0100 Subject: [SEC] [SA46945] SUSE update for wireshark Message-ID: <201111220211.pAM2Bx3p031081@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for wireshark SECUNIA ADVISORY ID: SA46945 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46945/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46945 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46945/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46945/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46945 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for wireshark. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45086 SA45927 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1263-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00023.html SUSE-SU-2011:1262-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00021.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 18:47:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 03:47:45 +0100 Subject: [SEC] [SA46964] Fedora update for puppet Message-ID: <201111220247.pAM2ljH9022194@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for puppet SECUNIA ADVISORY ID: SA46964 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46964/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46964 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46964/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46964/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46964 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for puppet. This fixes a vulnerability, which can be exploited by malicious users to conduct spoofing attacks. For more information: SA46550 SOLUTION: Apply updated packages via the yum utility ("yum update puppet"). ORIGINAL ADVISORY: FEDORA-2011-15000: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069488.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 19:20:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 04:20:44 +0100 Subject: [SEC] [SA46936] Novell Open Enterprise Server iPrint Client "GetDriverSettings()" Buffer Overflow Vulnerability Message-ID: <201111220320.pAM3KiSJ014846@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Novell Open Enterprise Server iPrint Client "GetDriverSettings()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46936 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46936/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46936 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46936/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46936/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46936 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Novell has acknowledged a vulnerability in Open Enterprise Server, which can be exploited by malicious people to compromise a user's system. For more information: SA46606 The vulnerability is reported in Open Enterprise Server 2 Service Pack 3. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5117030.html http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5117031.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 19:48:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 04:48:09 +0100 Subject: [SEC] [SA46929] Gentoo update for perl Message-ID: <201111220348.pAM3m9WB005517@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for perl SECUNIA ADVISORY ID: SA46929 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46929/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46929 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46929/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46929/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46929 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for perl. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. For more information see vulnerability #1 in: SA40049 SOLUTION: Update to "perl-core/Safe-2.27" or later or "virtual/perl-Safe-2.27" or later. ORIGINAL ADVISORY: GLSA 201111-09: http://www.gentoo.org/security/en/glsa/glsa-201111-09.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 20:14:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 05:14:04 +0100 Subject: [SEC] [SA46954] RealPlayer Multiple Vulnerabilities Message-ID: <201111220414.pAM4E4gF028540@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46954 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46954/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46954 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46954/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46954/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46954 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in RealPlayer, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error related to RealVideo rendering can be exploited to cause a heap-based buffer overflow. 2) An unspecified error related to RealVideo rendering can be exploited to corrupt memory. 3) An unspecified error related to the AAC Codec can be exploited to corrupt memory. 4) An unspecified error exists within parsing of QCELP streams. 5) An unspecified error exists within parsing of AAC files. 6) An unspecified error exists related to indexes within RV30 encoded files. 7) An unspecified error exists within parsing of the ATRC codec. 8) An unspecified error exists related to sample size when parsing RealAudio files. 9) An unspecified error exists related to sample height when parsing RV10 encoded files. 10) An unspecified error exists when decoding RV20 encoded files. 11) An unspecified error exists when handling RTSP SETUP requests. 12) An unspecified error exists related to invalid codec names. 13) An unspecified error exists related to an uninitialized index value within RV30 encoded files. 14) An unspecified error exists when parsing the channel within the Cook codec. 15) An unspecified error exists when parsing the MLTI chunk length within IVR files. 16) An integer underflow error exists related to the MPG width. 17) An unspecified error exists when parsing MP4 headers. 18) An unspecified error related to MP4 video dimensions can be exploited to corrupt heap memory. 19) An unspecified error exists when parsing MP4 files. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in the versions 14.0.7 and prior. SOLUTION: Upgrade to version 15.0.0. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Omair via iDefense Labs 2, 3, 10) Andrzej Dyjak via iDefense Labs 4, 6-10, 12-14) Damian Put via ZDI 5, 11, 15-18) Luigi Auriemma via ZDi 19) Alexander Gavrun via ZDI ORIGINAL ADVISORY: http://service.real.com/realplayer/security/11182011_player/en/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 20:48:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 05:48:13 +0100 Subject: [SEC] [SA46935] SUSE update for mozilla-nss Message-ID: <201111220448.pAM4mDIQ019570@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for mozilla-nss SECUNIA ADVISORY ID: SA46935 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46935/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46935 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46935/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46935/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46935 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for mozilla-nss. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a user's system. For more information: SA46203 SA46757 SA46773 SOLUTION: Apply updated packages via the zypper package manager ORIGINAL ADVISORY: SUSE-SU-2011:1256-2: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00023.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 21:13:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 06:13:03 +0100 Subject: [SEC] [SA46930] Gentoo update for radvd Message-ID: <201111220513.pAM5D3v9010149@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for radvd SECUNIA ADVISORY ID: SA46930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for radvd. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA46200 SOLUTION: Update to "net-misc/radvd-1.8.2" or later. ORIGINAL ADVISORY: GLSA 201111-08: http://www.gentoo.org/security/en/glsa/glsa-201111-08.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 21:47:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 06:47:45 +0100 Subject: [SEC] [SA46932] Gentoo update for maradns Message-ID: <201111220547.pAM5ljqn001134@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for maradns SECUNIA ADVISORY ID: SA46932 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46932/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46932 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46932/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46932/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46932 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for maradns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA43027 SOLUTION: Update to "net-dns/maradns-1.4.06" or later. ORIGINAL ADVISORY: GLSA 201111-06: http://www.gentoo.org/security/en/glsa/glsa-201111-06.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 21 22:12:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 07:12:59 +0100 Subject: [SEC] [SA46922] Gentoo update for abcm2ps Message-ID: <201111220612.pAM6Cx8W024174@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for abcm2ps SECUNIA ADVISORY ID: SA46922 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46922/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46922 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46922/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46922/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46922 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for abcm2ps. This fixes some vulnerabilities, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA39345 SA40033 SOLUTION: Update to "media-sound/abcm2ps-5.9.13" or later. ORIGINAL ADVISORY: GLSA 201111-12: http://www.gentoo.org/security/en/glsa/glsa-201111-12.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 10:35:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 19:35:28 +0100 Subject: [SEC] [SA46970] Freelancer calendar Multiple SQL Injection Vulnerabilities Message-ID: <201111221835.pAMIZS03019005@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Freelancer calendar Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46970 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46970/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46970 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46970/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46970/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46970 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Freelancer calendar, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "SearchField" parameter to category_list.php, Copy_of_calendar_list.php, customer_statistics_list.php, customer_list.php, and task_statistics_list.php (when "a" is set to "search", "SearchFor" is set, and "SearchOption" is set to "Contains") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.01. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: muuratsalo ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0305.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 11:32:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 20:32:35 +0100 Subject: [SEC] [SA46957] WordPress WP e-Commerce Plugin Script Insertion Vulnerability Message-ID: <201111221932.pAMJWZmT011225@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress WP e-Commerce Plugin Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46957 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46957/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46957 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46957/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46957/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46957 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the WP e-Commerce plugin for WordPress, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "custom_text" parameter to index.php when adding a product to the cart is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the ability to add custom content to purchases. The vulnerability is confirmed in version 3.8.7.1. Prior versions may also be affected. SOLUTION: Update to version 3.8.7.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wordpress.org/extend/plugins/wp-e-commerce/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=463447%40wp-e-commerce&old=463446%40wp-e-commerce OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 12:35:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 21:35:10 +0100 Subject: [SEC] [SA46536] IBM AIX BIND Recursive Query Processing Denial of Service Vulnerability Message-ID: <201111222035.pAMKZAFu003704@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM AIX BIND Recursive Query Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46536 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46536/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46536 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46536/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46536/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46536 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in BIND included in AIX, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Apply APAR IV11106. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=isg1IV11106 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 13:34:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 22:34:20 +0100 Subject: [SEC] [SA46918] Blogs manager Multiple SQL Injection Vulnerabilities Message-ID: <201111222134.pAMLYKlG028414@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Blogs manager Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46918 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46918/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46918 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46918/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46918/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46918 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Blogs manager, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "SearchField" parameter to _authors_list.php, _blogs_list.php, _category_list.php, _comments_list.php, _policy_list.php, _rate_list.php, categoriesblogs_list.php, chosen_authors_list.php, chosen_blogs_list.php, chosen_comments_list.php, and help_list.php (when "a" is set to "search", "SearchFor" is set, and "SearchOption" is set to "Contains") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.101. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: muuratsalo ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0303.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 14:30:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 23:30:32 +0100 Subject: [SEC] [SA46888] FFmpeg Multiple Vulnerabilities Message-ID: <201111222230.pAMMUWpG020575@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: FFmpeg Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46888 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46888/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46888 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46888/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46888/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46888 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. 1) An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow. 2) An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow. 3) Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads. The vulnerabilities are reported in versions prior to 0.7.8 and 0.8.7. SOLUTION: Update to version 0.7.8 or 0.8.7. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://ffmpeg.org/#pr7dot8and8dot7 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 14:48:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 22 Nov 2011 23:48:32 +0100 Subject: [SEC] [SA46961] WordPress Yet Another Photoblog Plugin "fltr[]" Command Injection Vulnerability Message-ID: <201111222248.pAMMmWKB010790@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress Yet Another Photoblog Plugin "fltr[]" Command Injection Vulnerability SECUNIA ADVISORY ID: SA46961 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46961/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46961 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46961/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46961/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46961 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Yet Another Photoblog plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of phpThumb(). For more information: SA39556 The vulnerability is confirmed in version 1.9.26. Other versions may also be affected. SOLUTION: Update to version 1.10 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wordpress.org/extend/plugins/yet-another-photoblog/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 15:13:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 00:13:39 +0100 Subject: [SEC] [SA46919] Microsoft Windows win32k.sys Driver Keyboard Layout Denial of Service Message-ID: <201111222313.pAMNDdOs001313@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Microsoft Windows win32k.sys Driver Keyboard Layout Denial of Service SECUNIA ADVISORY ID: SA46919 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46919/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46919 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46919/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46919/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46919 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Microsoft Windows, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an indexing error in the win32k.sys driver when loading a keyboard layout file. This can be exploited to access an invalid memory location resulting in a system crash. The vulnerability is confirmed on a fully patched Windows XP SP3 (win32k.sys version 5.1.2600.6149). Other versions may also be affected. SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: instruder ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/18140 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 15:48:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 00:48:47 +0100 Subject: [SEC] [SA46975] FishEye / Crucible Security Bypass Security Issue and Script Insertion Vulnerabilities Message-ID: <201111222348.pAMNmlCf024863@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: FishEye / Crucible Security Bypass Security Issue and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46975 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46975/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46975 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46975/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46975/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46975 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and two vulnerabilities have been reported in FishEye and Crucible, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to bypass certain security restrictions. 1) Certain input related to the user profile display name is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Certain input related to snippets in a user's comment is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities #1 and #2 are reported in versions prior to 2.5.5. 3) An error due to the application not restricting access to changesets or reviews can be exploited to read metadata from repositories or projects via tooltips. This vulnerability is reported in versions 2.4.6 through 2.5.6. SOLUTION: Update to version 2.5.7. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://confluence.atlassian.com/display/FISHEYE/FishEye+and+Crucible+Security+Advisory+2011-11-22 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 16:13:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 01:13:58 +0100 Subject: [SEC] [SA46924] QQPlayer MOV File Processing Buffer Overflow Vulnerability Message-ID: <201111230013.pAN0Dwu5015447@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: QQPlayer MOV File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46924 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46924/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46924 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46924/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46924/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46924 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in QQPlayer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing MOV files and can be exploited to cause a stack-based buffer overflow via a specially crafted file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file. The vulnerability is confirmed in version 3.2.845. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: hellok OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 16:48:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 01:48:26 +0100 Subject: [SEC] [SA46946] Ubuntu update for kdeutils Message-ID: <201111230048.pAN0mQAt006495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for kdeutils SECUNIA ADVISORY ID: SA46946 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46946/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46946 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46946/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46946/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46946 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for kdeutils. This fixes a weakness, which can be exploited by malicious people to manipulate certain data. For more information: SA45378 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1276-1: http://www.ubuntu.com/usn/usn-1276-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 17:15:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 02:15:18 +0100 Subject: [SEC] [SA46913] Debian update for wireshark Message-ID: <201111230115.pAN1FIlw029543@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for wireshark SECUNIA ADVISORY ID: SA46913 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46913/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46913 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46913/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46913/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46913 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for wireshark. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. For more information see vulnerability #3 in: SA46644 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2351-1: http://www.debian.org/security/2011/dsa-2351 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 17:47:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 02:47:48 +0100 Subject: [SEC] [SA46950] Ubuntu update for software-center Message-ID: <201111230147.pAN1lmRl020495@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for software-center SECUNIA ADVISORY ID: SA46950 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46950/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46950 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46950/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46950/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46950 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for software-center. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the application incorrectly validating SSL certificates and can be exploited to e.g. spoof and install altered packages via Man-in-the-Middle (MitM) attacks. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1270-1: http://www.ubuntu.com/usn/usn-1270-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 18:13:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 03:13:35 +0100 Subject: [SEC] [SA46949] Ubuntu update for pidgin Message-ID: <201111230213.pAN2DZ19011099@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for pidgin SECUNIA ADVISORY ID: SA46949 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46949/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46949 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46949/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46949/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46949 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for pidgin. This fixes multiple weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43695 SA45663 SA46298 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1273-1: http://www.ubuntu.com/usn/usn-1273-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 18:47:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 03:47:46 +0100 Subject: [SEC] [SA46942] Ubuntu update for kernel Message-ID: <201111230247.pAN2lkQa002080@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for kernel SECUNIA ADVISORY ID: SA46942 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46942/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46942 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46942/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46942/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46942 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for kernel. This fixes multiple weaknesses and two vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA40205 SA41493 SA44094 SA45236 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1268-1: http://www.ubuntu.com/usn/usn-1268-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 19:23:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 04:23:18 +0100 Subject: [SEC] [SA46953] Ubuntu update for linux-mvl-dove Message-ID: <201111230323.pAN3NItC026088@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-mvl-dove SECUNIA ADVISORY ID: SA46953 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46953/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46953 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46953/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46953/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46953 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-mvl-dove. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA40205 SA44094 SA44754 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1274-1: http://www.ubuntu.com/usn/usn-1274-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 19:46:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 04:46:40 +0100 Subject: [SEC] [SA46952] Nikki Directory Traversal and Command Injection Vulnerabilities Message-ID: <201111230346.pAN3kehV016580@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Nikki Directory Traversal and Command Injection Vulnerabilities SECUNIA ADVISORY ID: SA46952 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46952/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46952 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46952/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46952/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46952 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Nikki, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system. 1) Certain unspecified input is not properly sanitised before being used. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences. 2) Certain unspecified input is not properly sanitised before being used. This can be exploited to inject and execute arbitrary shell commands. The vulnerabilities are reported in versions 6.6 and prior. SOLUTION: Update to version 6.61. PROVIDED AND/OR DISCOVERED BY: JVN credits Masako Ohno. ORIGINAL ADVISORY: Nikki: http://mwq.jp/web/dlcgi/nik/history.txt JVN: http://jvn.jp/en/jp/JVN80081509/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000075.html http://jvn.jp/en/jp/JVN48839888/index.html http://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-000076.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 20:11:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 05:11:48 +0100 Subject: [SEC] [SA46947] Ubuntu update for kernel Message-ID: <201111230411.pAN4BmMH007159@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for kernel SECUNIA ADVISORY ID: SA46947 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46947/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46947 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46947/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46947/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46947 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks, cause a DoS (Denial of Service), and gain escalated privileges. For more information: SA41493 SA44094 SA44754 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1272-1: http://www.ubuntu.com/usn/usn-1272-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 20:46:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 05:46:37 +0100 Subject: [SEC] [SA46960] HP-UX update for Tomcat Servlet Engine Message-ID: <201111230446.pAN4kbBD030601@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP-UX update for Tomcat Servlet Engine SECUNIA ADVISORY ID: SA46960 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46960/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46960 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46960/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46960/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46960 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has issued an update for Tomcat Servlet Engine in HP-UX. This fixes some weaknesses, a security issue, and multiple vulnerabilities, which can be exploited by malicious, local users to disclose sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service). For more information: SA43198 SA44981 SA45232 SA45641 SA45748 The weaknesses, security issue, and vulnerabilities are reported in HP-UX B.11.23 and B.11.31 running HP-UX Apache Web Server Suite v3.19 or prior. SOLUTION: Update to Web Server Suite v3.20. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: HPSBUX02725 SSRT100627: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03090723 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 21:12:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 06:12:06 +0100 Subject: [SEC] [SA46948] Ubuntu update for linux-fsl-imx51 Message-ID: <201111230512.pAN5C6D7021202@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-fsl-imx51 SECUNIA ADVISORY ID: SA46948 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46948/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46948 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46948/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46948/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46948 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-fsl-imx51. This fixes two weaknesses and a vulnerability, which can be exploited by malicious, local users to conduct session hijacking attacks and by malicious people to cause a DoS (Denial of Service). For more information: SA41493 SA45236 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1271-1: http://www.ubuntu.com/usn/usn-1271-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 21:46:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 06:46:39 +0100 Subject: [SEC] [SA46943] SUSE update for bind Message-ID: <201111230546.pAN5kdYx012261@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for bind SECUNIA ADVISORY ID: SA46943 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46943/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46943 RELEASE DATE: 2011-11-22 DISCUSS ADVISORY: http://secunia.com/advisories/46943/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46943/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46943 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1268-1 https://hermes.opensuse.org/messages/12586828 SUSE-SU-2011:1270-1: https://hermes.opensuse.org/messages/12587046 openSUSE-SU-2011:1272-1: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00029.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 22 22:11:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 07:11:48 +0100 Subject: [SEC] [SA46963] Mac RealPlayer Multiple Vulnerabilities Message-ID: <201111230611.pAN6BmSK002786@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Mac RealPlayer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46963 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46963/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46963 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46963/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46963/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46963 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mac RealPlayer, which can be exploited by malicious people to compromise a user's system. For more information: SA46954 The vulnerabilities are reported in versions 12.0.0.1701 and prior. SOLUTION: Update to version 12.0.0.1703. ORIGINAL ADVISORY: http://service.real.com/realplayer/security/11182011_player/en/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 10:32:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 19:32:13 +0100 Subject: [SEC] [SA46972] Red Hat update for kernel Message-ID: <201111231832.pANIWDks029983@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA46972 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46972/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46972 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46972/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46972/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46972 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and potentially gain escalated privileges and by malicious people to cause a DoS (Denial of Service). For more information: SA43576 SA43846 SA45420 SA45489 SA45695 SA45936 1) The weakness is caused due to an error within the handling of VLAN 0 frames with the priority tag set, which can be exploited to cause a kernel panic. SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Gideon Naim. ORIGINAL ADVISORY: RHSA-2011:1465-01: https://rhn.redhat.com/errata/RHSA-2011-1465.html Red Hat Bug#742846: https://bugzilla.redhat.com/show_bug.cgi?id=742846 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 11:31:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 20:31:37 +0100 Subject: [SEC] [SA46925] Namazu Unspecified Cross-Site Scripting Vulnerability Message-ID: <201111231931.pANJVbG1022325@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Namazu Unspecified Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46925 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46925/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46925 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46925/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46925/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46925 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Namazu, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 2.0.20 and prior. SOLUTION: Update to version 2.0.21. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.namazu.org/security.html#cross-site-scripting OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 12:35:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 21:35:49 +0100 Subject: [SEC] [SA46976] IBM AIX Perl Digest Module "Digest->new()" Code Injection Vulnerability Message-ID: <201111232035.pANKZnh4014901@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM AIX Perl Digest Module "Digest->new()" Code Injection Vulnerability SECUNIA ADVISORY ID: SA46976 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46976/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46976 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46976/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46976/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46976 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in the Digest module for Perl included in AIX, which can be exploited by malicious people to compromise an application using the vulnerable module. For more information: SA46279 SOLUTION: Apply interim fixes or APARs (please see the vendor's advisory for more information). ORIGINAL ADVISORY: IBM: http://aix.software.ibm.com/aix/efixes/security/perl_advisory2.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 13:31:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 22:31:41 +0100 Subject: [SEC] [SA46967] Fedora update for phpMyAdmin Message-ID: <201111232131.pANLVf0A007063@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for phpMyAdmin SECUNIA ADVISORY ID: SA46967 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46967/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46967 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46967/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46967/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46967 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpMyAdmin. This fixes a vulnerability, which can be exploited by malicious users to disclose potentially sensitive information. For more information: SA46447 SOLUTION: Apply updated packages via the yum utility ("yum update phpMyAdmin"). ORIGINAL ADVISORY: FEDORA-2011-15831: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069649.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 14:25:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 23:25:37 +0100 Subject: [SEC] [SA46977] IBM Java Multiple Vulnerabilities Message-ID: <201111232225.pANMPbIS031496@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM Java Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46977 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46977/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46977 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46977/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46977/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46977 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged multiple vulnerabilities in IBM Java, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA46512 SOLUTION: Update to version SR13. ORIGINAL ADVISORY: http://www.ibm.com/developerworks/java/jdk/alerts/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 14:46:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 23 Nov 2011 23:46:38 +0100 Subject: [SEC] [SA46934] Debian update for puppet Message-ID: <201111232246.pANMkcYs021871@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for puppet SECUNIA ADVISORY ID: SA46934 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46934/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46934 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46934/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46934/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46934 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for puppet. This fixes a vulnerability, which can be exploited by malicious users to conduct spoofing attacks. For more information: SA46550 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2352-1: http://www.debian.org/security/2011/dsa-2352 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 15:11:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 00:11:52 +0100 Subject: [SEC] [SA46971] HP Operations / Performance Agent Unauthorized Directory Access Vulnerability Message-ID: <201111232311.pANNBqlK012460@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Operations / Performance Agent Unauthorized Directory Access Vulnerability SECUNIA ADVISORY ID: SA46971 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46971/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46971 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46971/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46971/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46971 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in HP Performance Agent and HP Operations Agent, which can be exploited by malicious, local users to bypass certain security restrictions. The vulnerability is cause due to an unspecified error and can be exploited to gain unauthorized access to a directory. The vulnerability is reported in the following products running on AIX, HP-UX, Linux, and Solaris: * HP Performance Agent versions 4.73 and 5.0. * HP Operations Agent 11.0. SOLUTION: Apply patch or hotfix. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: HPSBMU02726 SSRT100685: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03091656 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 15:46:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 00:46:30 +0100 Subject: [SEC] [SA46914] Ubuntu update for firefox Message-ID: <201111232346.pANNkUBd003520@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for firefox SECUNIA ADVISORY ID: SA46914 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46914/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46914 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46914/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46914/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46914 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for firefox. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA46773 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1277-1: http://www.ubuntu.com/usn/usn-1277-1/ USN-1277-2: http://www.ubuntu.com/usn/usn-1277-2/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 16:12:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 01:12:18 +0100 Subject: [SEC] [SA46938] SUSE update for NetworkManager Message-ID: <201111240012.pAO0CId6026550@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for NetworkManager SECUNIA ADVISORY ID: SA46938 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46938/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46938 RELEASE DATE: 2011-11-23 DISCUSS ADVISORY: http://secunia.com/advisories/46938/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46938/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46938 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for NetworkManager. This fixes two weaknesses, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct spoofing attacks. For more information: SA44858 1) The weakness is caused due the application not properly checking if the ESSID matches the certificate's subject when using PEAP or EAP-TTLS for 802.11X authentication. This can be exploited to e.g. conduct Man-in-the-Middle (MitM) attacks. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: SUSE-SA:2011:045: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00030.html openSUSE-SU-2011:1273-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00025.html Ludwig Nussel: http://www.suse.de/~lnussel/The_Evil_Twin_problem_with_WPA2-Enterprise_v1.1.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 16:46:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 01:46:36 +0100 Subject: [SEC] [SA46931] Gentoo update for tintin Message-ID: <201111240046.pAO0kauN017594@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for tintin SECUNIA ADVISORY ID: SA46931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46931 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for tintin. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), manipulate data, or compromise a user's system. For more information: SA28833 SOLUTION: Update to "games-mud/tintin-1.98.0" or later. ORIGINAL ADVISORY: GLSA 201111-07: http://www.gentoo.org/security/en/glsa/glsa-201111-07.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 17:13:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 02:13:56 +0100 Subject: [SEC] [SA46916] SUSE update for perf Message-ID: <201111240113.pAO1DuHe008307@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for perf SECUNIA ADVISORY ID: SA46916 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46916/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46916 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46916/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46916/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46916 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for perf. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information see vulnerability #1 in: SA45489 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1258-1: https://hermes.opensuse.org/messages/12470848 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 17:47:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 02:47:05 +0100 Subject: [SEC] [SA46915] ejabberd "" Stanza Parsing Denial of Service Vulnerability Message-ID: <201111240147.pAO1l5iI031682@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ejabberd "" Stanza Parsing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46915 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46915/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46915 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46915/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46915/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46915 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ejabberd, which can be exploited by malicious users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the mod_pubsub module when parsing certain stanzas. This can be exploited to trigger an infinite loop via a specially crafted "" stanza. The vulnerability is reported in versions prior to 2.1.9. SOLUTION: Update to version 2.1.9. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.process-one.net/en/ejabberd/release_notes/release_note_ejabberd_2.1.9 https://support.process-one.net/browse/EJAB-1498 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 18:11:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 03:11:31 +0100 Subject: [SEC] [SA46928] Gentoo update for tar Message-ID: <201111240211.pAO2BV7L022244@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gentoo update for tar SECUNIA ADVISORY ID: SA46928 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46928/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46928 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46928/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46928/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46928 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gentoo has issued an update for tar. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a vulnerable system. For more information: SA38836 SOLUTION: Update to "app-arch/tar-1.23" or later. ORIGINAL ADVISORY: GLSA 201111-11: http://www.gentoo.org/security/en/glsa/glsa-201111-11.xml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 23 18:46:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 03:46:37 +0100 Subject: [SEC] [SA46939] SUSE update for empathy Message-ID: <201111240246.pAO2kbVa013335@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for empathy SECUNIA ADVISORY ID: SA46939 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46939/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46939 RELEASE DATE: 2011-11-21 DISCUSS ADVISORY: http://secunia.com/advisories/46939/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46939/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46939 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for empathy. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA46510 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1257-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00021.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 10:32:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 19:32:54 +0100 Subject: [SEC] [SA46987] Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness Message-ID: <201111241832.pAOIWs21019126@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness SECUNIA ADVISORY ID: SA46987 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46987/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46987 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46987/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46987/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46987 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Prutha Parikh has reported a weakness in Apache HTTP Server, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to the mod_proxy module, when configured in reverse proxy mode, incorrectly processing certain web requests. This can be exploited to send requests to an unintended server behind the proxy via a specially crafted URL. This is caused due to an incomplete fix for: SA46288 The weakness is reported in all 2.x versions. SOLUTION: Edit reverse proxy rules. PROVIDED AND/OR DISCOVERED BY: Prutha Parikh, Qualys. ORIGINAL ADVISORY: Apache: http://thread.gmane.org/gmane.comp.apache.devel/46440 Qualys: https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 11:33:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 20:33:23 +0100 Subject: [SEC] [SA46944] PrestaShop Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201111241933.pAOJXNQH011503@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PrestaShop Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46944 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46944/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46944 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46944/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46944/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46944 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dognaedis has discovered multiple vulnerabilities in PrestaShop, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed via the "num_mode" and "relativ_base_dir" parameters to modules/mondialrelay/kit_mondialrelay/RechercheDetailPointRelais_ajax.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "address", "relativ_base_dir", "Pays", "Ville", "CP", "Poids", "Action", and "num" parameters to modules/mondialrelay/googlemap.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 1.4.4.1. Other versions may also be affected. SOLUTION: Update to version 1.4.5.1 or later. PROVIDED AND/OR DISCOVERED BY: Dognaedis ORIGINAL ADVISORY: DGS-SEC-5: https://www.dognaedis.com/vulns/DGS-SEC-5.html DGS-SEC-6: https://www.dognaedis.com/vulns/DGS-SEC-6.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 12:33:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 21:33:47 +0100 Subject: [SEC] [SA46968] PmWiki pagelist "order" Code Injection Vulnerability Message-ID: <201111242033.pAOKXl8e003941@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: PmWiki pagelist "order" Code Injection Vulnerability SECUNIA ADVISORY ID: SA46968 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46968/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46968 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46968/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46968/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46968 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in PmWiki, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "order" argument of a pagelist directive within a PmWiki page is not properly verified before being used in a "create_function()" call in scripts/pagelist.php. This can be exploited to inject and execute arbitrary PHP code. The vulnerability is confirmed in version 2.2.34. Prior version may also be affected. SOLUTION: Update to version 2.2.35. PROVIDED AND/OR DISCOVERED BY: Egidio Romano aka EgiX ORIGINAL ADVISORY: PmWiki: http://www.pmwiki.org/wiki/PmWiki/ChangeLog#v2235 http://www.pmwiki.org/wiki/PITS/01271 EgiX: http://www.exploit-db.com/exploits/18149/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 13:50:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 22:50:08 +0100 Subject: [SEC] [SA46956] Horde Multiple Products Private Tasks Security Bypass Security Issue Message-ID: <201111242150.pAOLo8hE029812@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Horde Multiple Products Private Tasks Security Bypass Security Issue SECUNIA ADVISORY ID: SA46956 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46956/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46956 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46956/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46956/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46956 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in multiple Horde products, which can be exploited by malicious users to bypass certain security restrictions. The security issue is caused due to access not being properly restricted to private tasks and can be exploited to disclose the details via the API. The security issue is reported in the following versions: * Horde Groupware versions prior to 4.0.4. * Horde Groupware Webmail Edition versions prior to 4.0.4. * Nag versions prior to 3.0.6. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by samuel.wolf in an Nag bug report. ORIGINAL ADVISORY: http://lists.horde.org/archives/announce/2011/000723.html http://lists.horde.org/archives/announce/2011/000724.html http://lists.horde.org/archives/announce/2011/000725.html http://bugs.horde.org/ticket/10712 http://git.horde.org/horde-git/-/commit/675142a76a0e5842282cab6abffa3c1f15bf2c93 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 14:29:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 23:29:46 +0100 Subject: [SEC] [SA46984] Oracle Solaris ISC BIND Recursive Query Processing Denial of Service Vulnerability Message-ID: <201111242229.pAOMTkTX016576@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Solaris ISC BIND Recursive Query Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46984 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in BIND included in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/cve_2011_4313_denial_of OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 14:47:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 24 Nov 2011 23:47:41 +0100 Subject: [SEC] [SA46911] Jenkins winstone Servlet Container Script Insertion Vulnerability Message-ID: <201111242247.pAOMlfRs006796@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Jenkins winstone Servlet Container Script Insertion Vulnerability SECUNIA ADVISORY ID: SA46911 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46911/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46911 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46911/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46911/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46911 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Jenkins, which can be exploited by malicious people to conduct script insertion attacks. Certain input passed to the winstone servlet container is not properly sanitised in error messages before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerability is reported in versions prior to 1.438 and 1.409.3. SOLUTION: Update to version 1.438 or 1.409.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Luca De Fulgentis. ORIGINAL ADVISORY: http://groups.google.com/group/jenkinsci-advisories/browse_thread/thread/6bc49fcaf6b565a3 http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 15:12:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 00:12:53 +0100 Subject: [SEC] [SA46989] SUSE update for perl Message-ID: <201111242312.pAONCrq0029773@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for perl SECUNIA ADVISORY ID: SA46989 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46989/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46989 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46989/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46989/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46989 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for perl. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA46172 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1278-1: http://lists.opensuse.org/opensuse-updates/2011-11/msg00026.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 15:48:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 00:48:08 +0100 Subject: [SEC] [SA46986] IBM System Storage TS3100 / TS3200 Tape Library Express Security Bypass Security Issue Message-ID: <201111242348.pAONm88f020885@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM System Storage TS3100 / TS3200 Tape Library Express Security Bypass Security Issue SECUNIA ADVISORY ID: SA46986 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46986/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46986 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46986/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46986/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46986 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IBM System Storage TS3100 and TS3200 Tape Library Express, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error within the authentication mechanism and can be exploited to gain access to the library administration. The security issue is reported in versions prior to A.60. SOLUTION: Update to version A.60. PROVIDED AND/OR DISCOVERED BY: The vendor credits Martin Murfitt, Trustwave's SpiderLabs. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=ssg1S1003938 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 16:14:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 01:14:26 +0100 Subject: [SEC] [SA46898] Novell NetWare XNFS.NLM "xdrDecodeString()" Buffer Overflow Vulnerability Message-ID: <201111250014.pAP0EQoN011535@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Novell NetWare XNFS.NLM "xdrDecodeString()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46898 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46898/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46898 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46898/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46898/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46898 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell NetWare, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the "xdrDecodeString()" function in XNFS.NLM when processing certain NFS requests. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted datagram. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in version 6.5 SP8. SOLUTION: Apply security fix xnfs8d.zip Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Francis Provencher, Protek Research Lab's via ZDI. ORIGINAL ADVISORY: Novell (5117430): http://download.novell.com/Download?buildid=Cfw1tDezgbw~ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Nov 24 16:48:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 01:48:54 +0100 Subject: [SEC] [SA46969] WordPress MeeNews Plugin "idnews" Cross-Site Scripting Vulnerability Message-ID: <201111250048.pAP0mshF002549@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: WordPress MeeNews Plugin "idnews" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46969 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46969/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46969 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46969/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46969/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46969 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the MeeNews plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "idnews" parameter in wp-admin/admin.php (when "page" is set to "newsletter_manager.php" and "acc" is set to "edit") is not properly sanitised in wp-content/plugins/meenews/inc/tpl/mee_editot_newsletter.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 5.1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 10:38:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 19:38:04 +0100 Subject: [SEC] [SA46951] MyBB Multiple Vulnerabilities Message-ID: <201111251838.pAPIc4Bj014708@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: MyBB Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46951 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46951/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46951 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46951/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46951/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46951 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in MyBB, where one has an unknown impact and others can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) An error related to an unparsed avatar in the buddy list exists. No further information is currently available. 2) Input passed via the username is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. change the language setting when a logged-in user visits a specially crafted web page. The vulnerabilities are reported in versions prior to 1.6.5. SOLUTION: Update to version 1.6.5. PROVIDED AND/OR DISCOVERED BY: 3) Nathan Malcolm within a MyBB bug report The vendor credits: 1) labrocca 2) Will G ORIGINAL ADVISORY: MyBB: http://blog.mybb.com/2011/11/25/mybb-1-6-5-released-feature-update-security-maintenance-release/ http://dev.mybb.com/issues/1729 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 11:35:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 20:35:02 +0100 Subject: [SEC] [SA46912] Ubuntu update for linux-ti-omap4 Message-ID: <201111251935.pAPJZ2AB006928@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ti-omap4 SECUNIA ADVISORY ID: SA46912 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46912/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46912 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46912/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46912/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46912 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ti-omap4. This fixes two vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks and cause a DoS (Denial of Service). For more information: SA41493 SA44094 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1280-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-November/001499.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 12:35:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 21:35:07 +0100 Subject: [SEC] [SA46982] Ubuntu update for linux-ti-omap4 Message-ID: <201111252035.pAPKZ7Pe031689@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ti-omap4 SECUNIA ADVISORY ID: SA46982 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46982/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46982 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46982/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46982/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46982 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ti-omap4. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges and by malicious people to cause a DoS. For more information: SA44094 SA44754 SA44986 SA45489 SA45936 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1281-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-November/001500.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 13:35:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 22:35:45 +0100 Subject: [SEC] [SA46980] Koha "KohaOpacLanguage" Local File Inclusion Vulnerability Message-ID: <201111252135.pAPLZjMn024087@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Koha "KohaOpacLanguage" Local File Inclusion Vulnerability SECUNIA ADVISORY ID: SA46980 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46980/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46980 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46980/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46980/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46980 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Akin Tosunlar has discovered a vulnerability in Koha, which can be exploited by malicious people to disclose sensitive information. Input passed to the "KohaOpacLanguage" cookie value in cgi-bin/koha/mainpage.pl is not properly verified in cgi-bin/opac/opac-main.pl before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. The vulnerability is confirmed in version 4.02.06. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Akin Tosunlar, Vigasis Labs ORIGINAL ADVISORY: Vigasis Labs: http://www.vigasis.com/en/?guncel_guvenlik=LibLime%20Koha%20%3C=%204.2%20Local%20File%20Inclusion%20Vulnerability&lnk=exploits/18153 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 14:29:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 23:29:20 +0100 Subject: [SEC] [SA46983] iTop Multiple Cross-Site Scripting and Code Injection Vulnerabilities Message-ID: <201111252229.pAPMTKv9016117@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: iTop Multiple Cross-Site Scripting and Code Injection Vulnerabilities SECUNIA ADVISORY ID: SA46983 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46983/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46983 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46983/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46983/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46983 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in iTop, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. 1) Input passed to the "auth_user" and "suggest_pwd" parameters in pages/UI.php and the "c[menu]" parameter in pages/UniversalSearch.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "description" parameter in pages/UI.php (when "operation" is set to "new" and "class" is set to "Problem") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "category" parameter in pages/audit.php (when "operation" is set to "errors") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "name" parameter to pages/php-ofc-library/ofc_upload_image.php is not properly verified before being used to create files. This can be exploited to inject and execute arbitrary PHP code. The vulnerabilities are confirmed in version 1.1.0-181. Prior versions may also be affected. SOLUTION: Update to version 1.2.0-299. PROVIDED AND/OR DISCOVERED BY: 1-3) Tobias Glemser, Tele-Consulting security networking training GmbH, Germany 4) The vendor credits Sabri S ORIGINAL ADVISORY: iTop: http://sourceforge.net/apps/trac/itop/ticket/446 Tobias Glemser: http://www.tele-consulting.com/advisories/TC-SA-2011-02.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 14:49:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 25 Nov 2011 23:49:45 +0100 Subject: [SEC] [SA46994] Ubuntu update for linux-lts-backport-maverick Message-ID: <201111252249.pAPMnjWJ006468@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-maverick SECUNIA ADVISORY ID: SA46994 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46994/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46994 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46994/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46994/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46994 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-maverick. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to conduct session hijacking attacks, cause a DoS (Denial of Service), and gain escalated privileges. For more information: SA41493 SA44094 SA44754 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1278-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-November/001497.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 15:14:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 00:14:46 +0100 Subject: [SEC] [SA46995] Ubuntu update for linux-lts-backport-natty Message-ID: <201111252314.pAPNEkAe029440@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-natty SECUNIA ADVISORY ID: SA46995 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46995/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46995 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46995/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46995/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46995 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-natty. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and gain escalated privileges. For more information: SA44754 SA45489 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1279-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-November/001498.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 15:50:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 00:50:40 +0100 Subject: [SEC] [SA46940] colord Multiple SQL Injection Vulnerabilities Message-ID: <201111252350.pAPNoe5E020586@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: colord Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46940 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46940/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46940 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46940/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46940/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46940 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in colord, which can be exploited by malicious, local users to conduct SQL injection attacks. Certain unspecified input is not properly sanitised in cd-mapping-db.c and cd-device-db.c before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Ludwig Nussel in a bug report. ORIGINAL ADVISORY: https://bugs.freedesktop.org/show_bug.cgi?id=42904 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 16:15:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 01:15:11 +0100 Subject: [SEC] [SA46988] Fedora update for net6 Message-ID: <201111260015.pAQ0FB7i011153@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for net6 SECUNIA ADVISORY ID: SA46988 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46988/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46988 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46988/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46988/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46988 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for net6. This fixes two weaknesses, which can be exploited by malicious people to disclose certain information and conduct session hijacking attacks. For more information: SA46605 SOLUTION: Apply updated packages via the yum utility ("yum update net6"). ORIGINAL ADVISORY: FEDORA-2011-15332: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069822.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 16:50:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 01:50:19 +0100 Subject: [SEC] [SA46974] SRWare Iron Multiple Vulnerabilities Message-ID: <201111260050.pAQ0oJri002184@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SRWare Iron Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46974 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46974/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46974 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46974/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46974/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46974 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in SRWare Iron, where some have unknown impacts and others can be exploited by malicious people to bypass certain security restrictions, conduct spoofing and cross-site scripting attacks, and potentially compromise a user's system. For more information: SA46594 SOLUTION: Update to version 15.0.900.1. ORIGINAL ADVISORY: http://www.srware.net/forum/viewtopic.php?f=18&t=2753 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 17:17:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 02:17:47 +0100 Subject: [SEC] [SA46926] Debian update for ldns Message-ID: <201111260117.pAQ1Hlsu025332@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Debian update for ldns SECUNIA ADVISORY ID: SA46926 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46926/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46926 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46926/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46926/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46926 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for ldns. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. For more information: SA46153 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2353-1: http://www.debian.org/security/2011/dsa-2353 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 17:50:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 02:50:06 +0100 Subject: [SEC] [SA46990] Fedora update for phpldapadmin Message-ID: <201111260150.pAQ1o6MY016299@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for phpldapadmin SECUNIA ADVISORY ID: SA46990 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46990/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46990 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46990/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46990/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46990 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpldapadmin. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. For more information: SA46551 SOLUTION: Apply updated packages via the yum utility ("yum update phpldapadmin"). ORIGINAL ADVISORY: FEDORA-2011-14986: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069724.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 18:15:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 03:15:18 +0100 Subject: [SEC] [SA46985] Red Hat update for java-1.5.0-ibm Message-ID: <201111260215.pAQ2FISp006894@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for java-1.5.0-ibm SECUNIA ADVISORY ID: SA46985 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46985/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46985 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46985/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46985/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46985 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for java-1.5.0-ibm. This fixes multiple vulnerabilities, which can be exploited by malicious users to disclose certain information and by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system. For more information: SA46977 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1478-01: https://rhn.redhat.com/errata/RHSA-2011-1478.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Nov 25 18:50:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 26 Nov 2011 03:50:09 +0100 Subject: [SEC] [SA46993] Ubuntu update for linux-ec2 Message-ID: <201111260250.pAQ2o9FC030368@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ec2 SECUNIA ADVISORY ID: SA46993 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46993/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46993 RELEASE DATE: 2011-11-25 DISCUSS ADVISORY: http://secunia.com/advisories/46993/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46993/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46993 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ec2. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service). For more information: SA40205 SA44094 SA44754 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1269-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-November/001496.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 28 10:36:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Nov 2011 19:36:18 +0100 Subject: [SEC] [SA46979] Siemens Automation License Manager Denial of Service and ActiveX Control Vulnerabilities Message-ID: <201111281836.pASIaIon020752@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Siemens Automation License Manager Denial of Service and ActiveX Control Vulnerabilities SECUNIA ADVISORY ID: SA46979 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46979/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46979 RELEASE DATE: 2011-11-28 DISCUSS ADVISORY: http://secunia.com/advisories/46979/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46979/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46979 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in Siemens Automation License Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) and manipulate certain data. 1) An error in almsrvx.exe when processing certain requests can be exploited to cause an unhandled exception and terminate the service via a specially crafted packet sent to TCP port 4410. 2) An NULL pointer dereference error in almsrvx.exe when processing certain requests can be exploited to crash the service via a specially crafted packet sent to TCP port 4410. 3) The insecure "Save()" method in the ALMListView.ALMListCtrl ActiveX control (almaxcx.dll) can be exploited to create or overwrite arbitrary files with empty content in the context of the currently logged-on user. The vulnerabilities are confirmed in version 5.1 Upd1 (almsrvx.exe version 501.1.102.1). Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/almsrvx_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 28 11:38:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Nov 2011 20:38:07 +0100 Subject: [SEC] [SA47036] Joomla! Fabrik Component Import CSV Arbitrary File Upload Vulnerability Message-ID: <201111281938.pASJc7XX013199@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Joomla! Fabrik Component Import CSV Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA47036 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47036/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47036 RELEASE DATE: 2011-11-28 DISCUSS ADVISORY: http://secunia.com/advisories/47036/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47036/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47036 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ismail Kaleem has discovered a vulnerability in the Fabrik component for Joomla!, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to the models/importcsv.php script improperly verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a PHP file. Successful exploitation requires "Manager" privileges. The vulnerability is confirmed in version 2.1. Prior versions may also be affected. SOLUTION: Update to version 2.1.1. PROVIDED AND/OR DISCOVERED BY: Ismail Kaleem via Vulnerability Research Laboratory ORIGINAL ADVISORY: Fabrik: http://www.ohloh.net/p/3417/commits/145749116 Vulnerability Research Laboratory: http://www.vulnerability-lab.com/get_content.php?id=342 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 28 12:36:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Nov 2011 21:36:09 +0100 Subject: [SEC] [SA46978] Ubuntu update for thunderbird Message-ID: <201111282036.pASKa93S005461@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA46978 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46978/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46978 RELEASE DATE: 2011-11-28 DISCUSS ADVISORY: http://secunia.com/advisories/46978/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46978/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46978 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, conduct cross-site scripting attacks, and potentially compromise a user's system. For more information: SA46773 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1282-1: http://www.ubuntu.com/usn/usn-1282-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 28 13:34:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Nov 2011 22:34:17 +0100 Subject: [SEC] [SA47039] OpenVZ update for kernel Message-ID: <201111282134.pASLYHex030111@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA47039 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47039/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47039 RELEASE DATE: 2011-11-28 DISCUSS ADVISORY: http://secunia.com/advisories/47039/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47039/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47039 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has issued an update for the kernel. This fixes two weaknesses and multiple vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, conduct session hijacking attacks, and cause a DoS (Denial of Service), by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), and by malicious people to cause a DoS (Denial of Service). For more information: SA46543 SOLUTION: Update kernel branch RHEL5 to version 028stab095.1. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/rhel5/028stab095.1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 28 14:29:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Nov 2011 23:29:11 +0100 Subject: [SEC] [SA47043] Fedora update for bind Message-ID: <201111282229.pASMTBku022201@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for bind SECUNIA ADVISORY ID: SA47043 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47043/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47043 RELEASE DATE: 2011-11-28 DISCUSS ADVISORY: http://secunia.com/advisories/47043/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47043/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47043 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46887 SOLUTION: Apply updated packages via the yum utility ("yum update bind"). ORIGINAL ADVISORY: FEDORA-2011-16002: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069970.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 28 14:48:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 28 Nov 2011 23:48:39 +0100 Subject: [SEC] [SA46973] Celery Argument Processing Privilege Escalation Security Issue Message-ID: <201111282248.pASMmdQk012498@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Celery Argument Processing Privilege Escalation Security Issue SECUNIA ADVISORY ID: SA46973 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46973/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46973 RELEASE DATE: 2011-11-28 DISCUSS ADVISORY: http://secunia.com/advisories/46973/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46973/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46973 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Celery, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to an error when handling certain arguments passed to the daemon process, which can lead to certain files being created with insecure permissions. This can be exploited to send messages or execute code with escalated privileges. The security issue is reported in versions prior to 2.4.4. SOLUTION: Update to version 2.4.4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Celery: https://github.com/ask/celery/blob/master/docs/sec/CELERYSA-0001.txt https://github.com/ask/celery/pull/544 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Nov 28 15:14:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Nov 2011 00:14:03 +0100 Subject: [SEC] [SA47033] SUSE update for OFED Message-ID: <201111282314.pASNE3Yr003056@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for OFED SECUNIA ADVISORY ID: SA47033 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47033/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47033 RELEASE DATE: 2011-11-28 DISCUSS ADVISORY: http://secunia.com/advisories/47033/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47033/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47033 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for OFED. This fixes two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service). For more information: SA42128 SA45861 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1283-1: https://hermes.opensuse.org/messages/12631003 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 10:32:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Nov 2011 19:32:21 +0100 Subject: [SEC] [SA46998] Gitblit Repository Clone Authentication Bypass Vulnerability Message-ID: <201111291832.pATIWLOj019734@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Gitblit Repository Clone Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA46998 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46998/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46998 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/46998/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46998/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46998 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Gitblit, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism, which can be exploited to clone a restricted repository by providing arbitrary login data. The vulnerability is reported in versions prior to 0.7.0. SOLUTION: Update to version 0.7.0. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://gitblit.com/releases.html http://code.google.com/p/gitblit/issues/detail?id=28 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 11:32:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Nov 2011 20:32:33 +0100 Subject: [SEC] [SA47029] MediaWiki Private Page Title Disclosure Weakness Message-ID: <201111291932.pATJWXkx012109@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: MediaWiki Private Page Title Disclosure Weakness SECUNIA ADVISORY ID: SA47029 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47029/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47029 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47029/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47029/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47029 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been discovered in MediaWiki, which can be exploited by malicious people to disclose potentially sensitive information. The weakness is caused due to the "preliminaryChecks()" function improperly verifying requests when the "curid" parameter is set and can be exploited to disclose the titles of pages on a private wiki. NOTE: An additional weakness exists when handling certain AJAX requests, which can be exploited to identify the presence of a file on a private wiki by supplying a filename in a request. The weakness is confirmed in version 1.17.0. Prior versions may also be affected. SOLUTION: Update to version 1.17.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Alexandre Emsenhuber. ORIGINAL ADVISORY: MediaWiki: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 12:33:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Nov 2011 21:33:02 +0100 Subject: [SEC] [SA46959] Oracle Mojarra EL Expression Evaluation Security Bypass Message-ID: <201111292033.pATKX2cH004497@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Mojarra EL Expression Evaluation Security Bypass SECUNIA ADVISORY ID: SA46959 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46959/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46959 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/46959/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46959/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46959 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Oracle Mojarra, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when parsing parameters in a Java Bean, which can lead to certain parameters being evaluated as an EL (expression language) expression. Successful exploitation requires that "includeViewParameters" is set to "true" in the Java Bean. SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported in a Mojarra bug report. ORIGINAL ADVISORY: http://java.net/jira/browse/JAVASERVERFACES-2247 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 13:32:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Nov 2011 22:32:17 +0100 Subject: [SEC] [SA47048] Apache MyFaces EL Expression Evaluation Security Bypass Message-ID: <201111292132.pATLWHlw029220@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apache MyFaces EL Expression Evaluation Security Bypass SECUNIA ADVISORY ID: SA47048 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47048/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47048 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47048/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47048/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47048 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Apache MyFaces, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA46959 SOLUTION: Apply patch. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Originally reported in Oracle Mojarra. ORIGINAL ADVISORY: https://issues.apache.org/jira/browse/MYFACES-3405 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 14:26:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Nov 2011 23:26:27 +0100 Subject: [SEC] [SA47027] Fedora update for kernel Message-ID: <201111292226.pATMQRGk021295@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for kernel SECUNIA ADVISORY ID: SA47027 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47027/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47027 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47027/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47027/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47027 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service). For more information: SA45420 SA46802 SA46803 SOLUTION: Apply updated packages via the yum utility ("yum update kernel"). ORIGINAL ADVISORY: FEDORA-2011-16346: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070272.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 14:48:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 29 Nov 2011 23:48:56 +0100 Subject: [SEC] [SA46991] Virtual Vertex Muster Web Interface Directory Traversal Vulnerability Message-ID: <201111292248.pATMmuJL011747@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Virtual Vertex Muster Web Interface Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA46991 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46991/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46991 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/46991/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46991/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46991 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Nick Freeman has discovered a vulnerability in Virtual Vertex Muster, which can be exploited by malicious people to disclose sensitive information. Input passed to the web interface is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences. The vulnerability is confirmed in version 6.1.6. Other versions may also be affected. SOLUTION: Update to version 6.2.0. PROVIDED AND/OR DISCOVERED BY: Nick Freeman, Security-Assessment.com. ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 15:12:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 00:12:22 +0100 Subject: [SEC] [SA47047] Avid Media Composer Phonetic Indexer Packet Processing Buffer Overflow Vulnerability Message-ID: <201111292312.pATNCM4m002192@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Avid Media Composer Phonetic Indexer Packet Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47047 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47047/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47047 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47047/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47047/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47047 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Nick Freeman has discovered a vulnerability in Avid Media Composer, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the Phonetic Indexer (AvidPhoneticIndexer.exe) when processing packets. This can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 4659. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 5.5.3. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Nick Freeman, Security-Assessment.com. ORIGINAL ADVISORY: http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 15:47:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 00:47:10 +0100 Subject: [SEC] [SA47028] Fedora update for freetype Message-ID: <201111292347.pATNlAn1025721@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Fedora update for freetype SECUNIA ADVISORY ID: SA47028 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47028/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47028 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47028/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47028/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47028 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA46575 SA46839 SOLUTION: Apply updated packages via the yum utility ("yum update freetype"). ORIGINAL ADVISORY: FEDORA-2011-15956: http://lists.fedoraproject.org/pipermail/package-announce/2011-November/070251.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 16:13:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 01:13:54 +0100 Subject: [SEC] [SA47046] Schneider Electric Products Multiple Vulnerabilities Message-ID: <201111300013.pAU0Dsxk016391@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Schneider Electric Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47046 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47046/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47046 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47046/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47046/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47046 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in multiple Schneider Electric products, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and compromise a user's system. 1) Two errors in the TeeChart ActiveX control can be exploited to cause buffer overflows. No further information is currently available. Successful exploitation of this vulnerability may allow execution of arbitrary code. 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Certain unspecified input passed to the web portal is not properly verified before being used to read files and can be exploited to disclose arbitrary files via directory traversal attacks. The vulnerabilities are reported in the following products: * Vijeo Historian version 4.30 and prior. * CitectHistorian version 4.30 and prior. * CitectSCADA Reports version 4.10 and prior. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Kuang-Chun Hung, Security Research and Service Institute Information and Communication Security Technology Center (ICST) via ICS-CERT. ORIGINAL ADVISORY: Schneider Electric: http://www.citect.com/index.php?option=com_content&view=article&id=1656&Itemid=1695 ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-307-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 16:46:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 01:46:59 +0100 Subject: [SEC] [SA47024] Ubuntu update for update-manager Message-ID: <201111300046.pAU0kx7m007391@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for update-manager SECUNIA ADVISORY ID: SA47024 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47024/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47024 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47024/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47024/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47024 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for update-manager. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to conduct spoofing attacks. 1) An error due to the application creating a temporary file in an insecure manner can be exploited to disclose the content of the .XAUTHORITY file. 2) An error due to the application not verifying downloaded tar files before extracting them can be exploited to e.g. overwrite arbitrary files via Man-in-the-Middle (MitM) attacks. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: David Black in bug reports. ORIGINAL ADVISORY: USN-1284-1: http://www.ubuntu.com/usn/usn-1284-1/ https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881541 https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/881548 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Nov 29 17:15:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 02:15:06 +0100 Subject: [SEC] [SA47026] Ubuntu update for apt Message-ID: <201111300115.pAU1F6Lp030516@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for apt SECUNIA ADVISORY ID: SA47026 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47026/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47026 RELEASE DATE: 2011-11-29 DISCUSS ADVISORY: http://secunia.com/advisories/47026/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47026/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47026 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for apt. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to the application incorrectly handling the "Verify-Host" configuration option, which results in a SSL certificate's hostname being improperly validated and can be exploited to e.g. disclose repository credentials via Man-in-the-Middle (MitM) attacks. SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Blackmoon in a bug report ORIGINAL ADVISORY: USN-1283-1: http://www.ubuntu.com/usn/usn-1283-1/ https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 10:33:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 19:33:17 +0100 Subject: [SEC] [SA46941] HP Network Node Manager i Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201111301833.pAUIXHB0008651@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: HP Network Node Manager i Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46941 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46941/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46941 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/46941/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46941/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46941 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in HP Network Node Manager i, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "node" parameter in nnm/mibdiscover and "nodename" parameter in nnm/protected/configurationpoll.jsp, nnm/protected/ping.jsp, nnm/protected/statuspoll.jsp, and nnm/protected/traceroute.jsp is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "field" POST parameter in nmm/validate (when "binderId" is set to "ConsoleBinder" and "operation" is set to "command") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 9.10.000. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: 0a29 ORIGINAL ADVISORY: http://0a29.blogspot.com/2011/11/0a29-11-1-cross-site-scripting.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 11:33:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 20:33:07 +0100 Subject: [SEC] [SA47002] Manx Multiple Vulnerabilities Message-ID: <201111301933.pAUJX7ps000933@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Manx Multiple Vulnerabilities SECUNIA ADVISORY ID: SA47002 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47002/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47002 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47002/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47002/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47002 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Manx, which can be exploited by malicious people to conduct HTTP response splitting and cross-site scripting attacks and compromise a vulnerable system. 1) Input passed via the URL to admin/login.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "limit" and "search_folder" parameters in admin/tiny_mce/plugins/ajaxfilemanager/ajax_get_file_listing.php and admin/tiny_mce/plugins/ajaxfilemanager_OLD/ajax_get_file_listing.php (when "search" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to the "editorChoice" parameter in admin/admin_blocks.php and admin/admin_pages.php and "theme" parameter in admin/admin_css.php, admin/admin_js.php, and admin/admin_templates.php is not properly sanitised before being returned to the user. This can be exploited to include arbitrary HTTP headers in a response sent to the user. 4) Input passed via arbitrary POST parameters to admin/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php is not properly sanitised before being used. This can be exploited to execute arbitrary PHP code. This is related to vulnerability #2 in: SA44760 The vulnerabilities are confirmed in version 1.0.1. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: 1-3) Gjoko Krstic, Zero Science Lab 4) The Librarian ORIGINAL ADVISORY: Zero Science Lab: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5058.php http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5059.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 12:31:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 21:31:51 +0100 Subject: [SEC] [SA47001] Hastymail2 ajax.php Cross-Site Scripting Vulnerability Message-ID: <201111302031.pAUKVplh025699@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Hastymail2 ajax.php Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47001 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47001/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47001 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47001/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47001/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47001 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Hastymail2, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised in plugins/auto_address/ajax.php before being returned to the user within an error message. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.1 RC2. SOLUTION: Update to version 1.1 RC2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Bruno Teixeira. ORIGINAL ADVISORY: Hastymail: http://www.hastymail.org/blogs/News/Hastymail2_1.1_RC2_Now_Available/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 13:31:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 22:31:24 +0100 Subject: [SEC] [SA46999] IBM Tivoli Netcool/Reporter CGI Command Injection Vulnerability Message-ID: <201111302131.pAULVOpB018047@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Netcool/Reporter CGI Command Injection Vulnerability SECUNIA ADVISORY ID: SA46999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46999 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/46999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Netcool/Reporter, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the application not filtering certain web requests related to CGI and can be exploited to inject and execute arbitrary shell commands. The vulnerability is reported in versions 2.2.0.0 through 2.2.0.7. SOLUTION: Update to version 2.2.0.8. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (IZ94277-813): http://www.ibm.com/support/docview.wss?uid=swg24031456 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 14:25:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 23:25:21 +0100 Subject: [SEC] [SA46981] ExpressionEngine Two Cross-Site Scripting Vulnerabilities Message-ID: <201111302225.pAUMPLxQ010107@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: ExpressionEngine Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA46981 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46981/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46981 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/46981/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46981/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46981 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in ExpressionEngine, which can be exploited by malicious people to conduct cross-site scripting attacks. 1) A vulnerability is caused due to the "xss_clean()" function not properly filtering web requests and can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. This is related to: SA47013 2) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in version 2.2.2. Other versions may also be affected. SOLUTION: Update to version 2.3.1. PROVIDED AND/OR DISCOVERED BY: 1) Dr. Marian Ventuneac 2) Reported by the vendor ORIGINAL ADVISORY: ExpressionEngine: http://expressionengine.com/user_guide/changelog.html Dr. Marian Ventuneac: http://www.ventuneac.net/security-advisories/MVSA-11-013 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 14:46:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 30 Nov 2011 23:46:34 +0100 Subject: [SEC] [SA47014] OrangeHRM Multiple Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201111302246.pAUMkYwJ000412@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: OrangeHRM Multiple Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA47014 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47014/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47014 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47014/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47014/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47014 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in OrangeHRM, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed to the "uniqcode" and "isAdmin" parameters in index.php (when "menu_no_top" is set to "eim") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the URL to lib/controllers/CentralController.php (when "uniqcode" is set to "USR", "VIEW" is set to "MAIN", and "isAdmin" is set to "1") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "id" parameter to lib/controllers/CentralController.php (when "capturemode" is set to "updatemode" and "uniqcode" is set to "NAT") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires an "HR Admin" user. The vulnerabilities are confirmed in version 2.6.11. Other versions may also be affected. SOLUTION: Update to version 2.6.11.2. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB23057: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_orangehrm.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 15:11:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 00:11:30 +0100 Subject: [SEC] [SA47007] Ubuntu update for linux Message-ID: <201111302311.pAUNBUYn023470@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux SECUNIA ADVISORY ID: SA47007 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47007/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47007 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47007/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47007/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47007 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges. For more information: SA44754 SA45489 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1285-1: http://www.ubuntu.com/usn/usn-1285-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 15:46:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 00:46:39 +0100 Subject: [SEC] [SA46997] Siemens SIMATIC WinCC Flexible HMI Miniweb Two Vulnerabilities Message-ID: <201111302346.pAUNkdow014565@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Siemens SIMATIC WinCC Flexible HMI Miniweb Two Vulnerabilities SECUNIA ADVISORY ID: SA46997 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46997/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46997 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/46997/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46997/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46997 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in Siemens SIMATIC WinCC Flexible, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service). 1) An input sanitisation error in Miniweb.exe when handling HTTP GET requests can be exploited to download arbitrary files via directory traversal attacks sent in a web request. 2) An input validation error in Miniweb.exe when handling HTTP POST requests can be exploited to crash the process via specially crafted content sent in a web request. The vulnerabilities are confirmed in version 2008 SP2 Upd13 (K01.03.02.13_01.02.00.01). Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/winccflex_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 16:11:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 01:11:57 +0100 Subject: [SEC] [SA47000] Oracle Solaris Gimp GIF Processing "LZWReadByte()" Buffer Overflow Vulnerability Message-ID: <201112010011.pB10Bvla005162@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Oracle Solaris Gimp GIF Processing "LZWReadByte()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA47000 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47000/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47000 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47000/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47000/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47000 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Oracle has acknowledged a vulnerability in Gimp included in Solaris, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA45621 SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://blogs.oracle.com/sunsecurity/entry/cve_2011_2896_buffer_overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 16:46:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 01:46:34 +0100 Subject: [SEC] [SA47013] CodeIgniter "xss_clean()" Cross-Site Scripting Vulnerability Message-ID: <201112010046.pB10kYRb028616@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: CodeIgniter "xss_clean()" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA47013 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47013/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47013 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47013/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47013/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47013 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dr. Marian Ventuneac has reported a vulnerability in CodeIgniter, which can be exploited by malicious people to conduct cross-site scripting attacks. The vulnerability is caused due to the "xss_clean()" function not properly filtering web requests and can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 2.0.3. Prior versions may also be affected. SOLUTION: Update to version 2.1.0. PROVIDED AND/OR DISCOVERED BY: Dr. Marian Ventuneac ORIGINAL ADVISORY: CodeIgniter: http://codeigniter.com/user_guide/changelog.html Dr. Marian Ventuneac: http://www.ventuneac.net/security-advisories/MVSA-11-013 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 17:16:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 02:16:00 +0100 Subject: [SEC] [SA47017] SUSE update for puppet Message-ID: <201112010116.pB11G06f019438@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: SUSE update for puppet SECUNIA ADVISORY ID: SA47017 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47017/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47017 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47017/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47017/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47017 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for puppet. This fixes multiple security issues and two vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious users to conduct spoofing attacks and compromise a vulnerable system. For more information: SA46223 SA46286 SA46550 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1286-1: https://hermes.opensuse.org/messages/12688652 openSUSE-SU-2011:1288-1: https://hermes.opensuse.org/messages/12688644 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 17:47:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 02:47:20 +0100 Subject: [SEC] [SA46847] lighttpd Base64 Authentication Data Decoding Denial of Service Vulnerability Message-ID: <201112010147.pB11lKQD010350@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: lighttpd Base64 Authentication Data Decoding Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46847 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46847 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/46847/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46847/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46847 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to a signedness error in the "base64_decode()" function (src/http_auth.c) when decoding Base64 encoded authentication data. This can be exploited to reference invalid memory and crash the daemon. The vulnerability is reported in version 1.4.30 and prior. SOLUTION: As a workaround apply patch or disable mod_auth if it's not required. PROVIDED AND/OR DISCOVERED BY: The vendor credits Xi Wang. ORIGINAL ADVISORY: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2011_01.txt http://redmine.lighttpd.net/issues/2370 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Nov 30 18:13:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Dec 2011 03:13:18 +0100 Subject: [SEC] [SA47008] Red Hat update for kernel Message-ID: <201112010213.pB12DIMt000894@CRON-IX-2.intnet> ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA47008 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/47008/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=47008 RELEASE DATE: 2011-11-30 DISCUSS ADVISORY: http://secunia.com/advisories/47008/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/47008/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=47008 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes a weakness and two vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information and to cause a DoS (Denial of Service) and by malicious people to cause a DoS. For more information: SA43576 SA45936 SA46803 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1479-01: https://rhn.redhat.com/errata/RHSA-2011-1479.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------