From sec-adv at secunia.com Thu Sep 1 10:35:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Sep 2011 19:35:05 +0200 Subject: [SEC] [SA45777] Joomla! JCE Component Plugins Directory Traversal Vulnerability Message-ID: <201109011735.p81HZ5LP029582@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Joomla! JCE Component Plugins Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA45777 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45777/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45777 RELEASE DATE: 2011-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/45777/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45777/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45777 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Image Manager Extended and Template Manager plugins for the Joomla! component JCE, which can be exploited by malicious users to disclose system information and manipulate certain data. Certain input is not properly verified before being used to access files. This can be exploited to view and manipulate files and folders outside of the application root. This is related to: SA45849 The vulnerability is reported in the Image Manager Extended plugin prior to versions 1.5.7.8 and 2.0.4 and the Template Manager plugin prior to version 1.5.5.2 and 2.0.3. SOLUTION: Update to Image Manager Extended plugin versions 1.5.7.8 and 2.0.4 and Template Manager plugin versions 1.5.5.2 and 2.0.3. PROVIDED AND/OR DISCOVERED BY: Originally reported by AmnPardaz Security Research Team in the JCE component. Additional information provided by the vendor. ORIGINAL ADVISORY: http://www.joomlacontenteditor.net/news/item/jce-2011-released OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 11:36:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Sep 2011 20:36:45 +0200 Subject: [SEC] [SA45849] Joomla! JCE Component Directory Traversal Vulnerability Message-ID: <201109011836.p81Iajrd021101@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Joomla! JCE Component Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA45849 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45849/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45849 RELEASE DATE: 2011-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/45849/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45849/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45849 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: AmnPardaz Security Research Team has discovered a vulnerability in the JCE component for Joomla!, which can be exploited by malicious users to disclose system information and manipulate certain data. Certain input is not properly verified before being used to access files. This can be exploited to view and manipulate files and folders outside of the application root by e.g. passing certain input via the "json" parameter to plugins. Successful exploitation requires permissions in the "Edit" profile. The vulnerability is confirmed in version 2.0.10. Prior versions may also be affected. SOLUTION: Update to version 2.0.11. PROVIDED AND/OR DISCOVERED BY: AmnPardaz Security Research Team ORIGINAL ADVISORY: JCE: http://www.joomlacontenteditor.net/news/item/jce-2011-released AmnPardaz Security Research Team: http://www.bugreport.ir/index_78.htm OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 12:55:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Sep 2011 21:55:20 +0200 Subject: [SEC] [SA45770] Siemens SIMATIC WinCC Flexible Tag Simulator Memory Corruption Vulnerability Message-ID: <201109011955.p81JtKZu013467@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Siemens SIMATIC WinCC Flexible Tag Simulator Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA45770 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45770/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45770 RELEASE DATE: 2011-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/45770/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45770/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45770 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Siemens SIMATIC WinCC Flexible, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an unspecified error in the tag simulator and can be exploited to cause a memory corruption by opening a specially crafted file. Successful exploitation may allow execution of arbitrary code. The vulnerability are reported in versions 2005 SP1, 2007, 2008, 2008 SP1, and 2008 SP2. SOLUTION: Apply patches. Please see vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT. ORIGINAL ADVISORY: Siemens: http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=50182361 ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-175-02.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 13:38:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Sep 2011 22:38:23 +0200 Subject: [SEC] [SA45871] IBM Rational Build Forge Security Settings Information Disclosure Security Issue Message-ID: <201109012038.p81KcNWH004008@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM Rational Build Forge Security Settings Information Disclosure Security Issue SECUNIA ADVISORY ID: SA45871 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45871/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45871 RELEASE DATE: 2011-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/45871/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45871/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45871 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in IBM Rational Build Forge, which can be exploited by malicious users to disclose potentially sensitive information. The security issue is caused due to the web application not checking the "EditSecurity" permissions when performing certain actions. This can be exploited to e.g. export a key file from the security sub-menu. SOLUTION: Apply APAR PM38058. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM38058): https://www.ibm.com/support/docview.wss?uid=swg1PM38058 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 14:33:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 1 Sep 2011 23:33:13 +0200 Subject: [SEC] [SA45644] IBM OS/400 HTTP Server ByteRange Filter Denial of Service Vulnerability Message-ID: <201109012133.p81LXDk4027590@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM OS/400 HTTP Server ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45644 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45644/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45644 RELEASE DATE: 2011-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/45644/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45644/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45644 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in OS/400, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 The vulnerability is reported in version V6R1M0. SOLUTION: Apply APAR SE49334. ORIGINAL ADVISORY: IBM (SE49334): https://www.ibm.com/support/docview.wss?uid=nas2aae02620b9b78d9e862578fe003c799b OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 15:06:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 00:06:39 +0200 Subject: [SEC] [SA45819] Novell Identity Manager Java Double Literal Denial of Service Vulnerability Message-ID: <201109012206.p81M6dZp017677@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Novell Identity Manager Java Double Literal Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45819 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45819/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45819 RELEASE DATE: 2011-09-01 DISCUSS ADVISORY: http://secunia.com/advisories/45819/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45819/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45819 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Novell has acknowledged a vulnerability in Novell Identity Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information see vulnerability #1: SA43262 The vulnerability is reported in the following components: * Novell Identity Manager 3.6.1 * Novell Identity Manager 3.6.1 Remote Loader * Novell Identity Manager Roles Based Provisioning Module 3.7 * Novell Identity Manager Roles Based Provisioning Module 3.6.1 * Novell Identity Manager Designer 3.5.1 * Novell Identity Manager Designer 4.0 * Novell Identity Manager Analyzer 1.2 SOLUTION: Apply updates. Please see the vendor's advisory for details. ORIGINAL ADVISORY: http://www.novell.com/support/viewContent.do?externalId=7009249 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 15:33:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 00:33:56 +0200 Subject: [SEC] [SA45864] TIBCO Spotfire Products Multiple Vulnerabilities Message-ID: <201109012233.p81MXul0007428@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: TIBCO Spotfire Products Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45864 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45864/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45864 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45864/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45864/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45864 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in TIBCO Spotfire Analytics Server and TIBCO Spotfire Server, which can be exploited by malicious people to conduct cross-site scripting, session fixation, and SQL injection attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. 3) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in Spotfire Analytics Server versions prior to 10.1.1 and Spotfire Server versions 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, and 3.3.0. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.tibco.com/multimedia/spotfire_advisory_20110831_tcm8-14230.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 16:05:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 01:05:32 +0200 Subject: [SEC] [SA45847] ICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation Message-ID: <201109012305.p81N5W3O029834@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: ICONICS IcoSetServer ActiveX Control Trusted Zone Policy Manipulation SECUNIA ADVISORY ID: SA45847 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45847/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45847 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45847/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45847/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45847 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the ICONICS IcoSetServer ActiveX Control, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to an error within the "SetTrustedZone Policy" functionality and can be exploited to add an arbitrary domain into the Trusted Sites zone. The vulnerability is reported in version 9.21. Other versions may also be affected. SOLUTION: Apply patch or update to version 9.22. PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT. ORIGINAL ADVISORY: ICONICS: http://www.iconics.com/certs ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-182-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 16:32:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 01:32:24 +0200 Subject: [SEC] [SA45685] Dienstplan Predictable Password Generation Security Issue Message-ID: <201109012332.p81NWOC2019583@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Dienstplan Predictable Password Generation Security Issue SECUNIA ADVISORY ID: SA45685 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45685/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45685 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45685/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45685/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45685 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dan Luedtke has reported a security issue in Dienstplan, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to the password generation algorithm generating predictable passwords, which can be exploited to guess a generated password when e.g. a password reset for a user is triggered. Successful exploitation requires a user name to be known, but can be exploited in conjunction with user name enumeration through the "reset password" functionality. The security issue is reported in version 2.2. Prior versions may also be affected. SOLUTION: Update to version 2.3. PROVIDED AND/OR DISCOVERED BY: Dan Luedtke ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/current/0370.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 17:06:57 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 02:06:57 +0200 Subject: [SEC] [SA45856] Drupal Node Invite Module Cross Site Scripting Vulnerability Message-ID: <201109020006.p8206vpA009703@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Drupal Node Invite Module Cross Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45856 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45856/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45856 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45856/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45856/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45856 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Node Invite module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to emails when inviting users is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 6.x-2.3. SOLUTION: Update to version 6.x-2.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Richard Kapolnai. ORIGINAL ADVISORY: SA-CONTRIB-2011-037: http://drupal.org/node/1265424 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 17:33:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 02:33:21 +0200 Subject: [SEC] [SA45775] Drupal Taxonomy Views Integrator Module Script Insertion Vulnerability Message-ID: <201109020033.p820XLIj031841@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Drupal Taxonomy Views Integrator Module Script Insertion Vulnerability SECUNIA ADVISORY ID: SA45775 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45775/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45775 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45775/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45775/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45775 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Taxonomy Views Integrator module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Certain unspecified input related to term descriptions is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the "administer taxonomy" privileges. The vulnerability is reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Owen Barton, Drupal Security Team. ORIGINAL ADVISORY: SA-CONTRIB-2011-038: http://drupal.org/node/1265430 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 18:07:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 03:07:42 +0200 Subject: [SEC] [SA45811] WordPress WP Bannerize Plugin "id" SQL Injection Vulnerability Message-ID: <201109020107.p8217gfo021964@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress WP Bannerize Plugin "id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45811 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45811/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45811 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45811/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45811/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45811 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered a vulnerability in the WP Bannerize plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "id" parameter to wp-content/plugins/wp-bannerize/ajax_clickcounter.php (when the "X_REQUESTED_WITH" HTTP header is set) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 2.8.6. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: http://unconciousmind.blogspot.com/2011/08/wordpress-wp-bannerize-plugin-286-sql.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 18:36:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 03:36:48 +0200 Subject: [SEC] [SA45797] Drupal Bot Alarm Module Cross-Site Request Forgery and Script Insertion Vulnerabilities Message-ID: <201109020136.p821am4a011818@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Drupal Bot Alarm Module Cross-Site Request Forgery and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA45797 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45797/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45797 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45797/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45797/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45797 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the Bot Alarm module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site request forgery attacks. 1) Certain unspecified input related to the message and channels of alarms when viewing pages listing the alarms is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires the "administer bot" privileges. 2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. deleting an alarm if a logged-in administrative user visits a malicious web site. The vulnerabilities are reported in versions prior to 6.x-1.2. SOLUTION: Update to version 6.x-1.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits CS?CSY L?szl?. ORIGINAL ADVISORY: SA-CONTRIB-2011-039: http://drupal.org/node/1265750 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 19:15:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 04:15:36 +0200 Subject: [SEC] [SA45812] WordPress Donation Plugin "did" SQL Injection Vulnerability Message-ID: <201109020215.p822Fa6q002629@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress Donation Plugin "did" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45812 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45812/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45812 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45812/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45812/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45812 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered a vulnerability in the Donation plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "did" parameter to wp-content/plugins/wordpress-donation-plugin-with-goals-and-paypal-ipn-by-nonprofitcmsorg/exporttocsv.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: http://unconciousmind.blogspot.com/2011/08/wordpress-donation-plugin-10-sql.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 19:50:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 04:50:28 +0200 Subject: [SEC] [SA45862] SUSE update for xen Message-ID: <201109020250.p822oShN025221@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for xen SECUNIA ADVISORY ID: SA45862 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45862/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45862 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45862/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45862/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45862 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for xen. This fixes two weaknesses, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). For more information: SA45622 1) A weakness is caused due to an off-by-one error in the "x86_64 __addr_ok()" macro and can be exploited by malicious administrators in a guest system to crash the host system. SOLUTION: Apply updated packages via the zypper package manager. PROVIDED AND/OR DISCOVERED BY: 1) Disclosed in a Red Hat bug report. ORIGINAL ADVISORY: SUSE-SU-2011:0983-1: https://hermes.opensuse.org/messages/11640481 Red Hat Bug #728042: https://bugzilla.redhat.com/show_bug.cgi?id=728042 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 20:15:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 05:15:12 +0200 Subject: [SEC] [SA45800] TANDBERG Products Unspecified SIP Denial of Service Vulnerability Message-ID: <201109020315.p823FClg014872@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: TANDBERG Products Unspecified SIP Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45800 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45800/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45800 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45800/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45800/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45800 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple TANDBERG products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when processing SIP packets and can be exploited to cause a crash via a specially crafted packet sent to ports 5060 or 5061. The vulnerability is reported in versions prior to TC4.0.0 or F9.1 for the following products: * TANDBERG C Series Endpoint * TANDBERG MXP Series Endpoint * TANDBERG E/EX Personal Video SOLUTION: Apply updates. Please see vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: The vendor credits David Klein, Sense of Security. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110831-tandberg.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 20:52:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 05:52:51 +0200 Subject: [SEC] [SA45799] SUSE update for samba Message-ID: <201109020352.p823qpJ0005150@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for samba SECUNIA ADVISORY ID: SA45799 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45799/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45799 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45799/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45799/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45799 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for samba. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. For more information: SA45393 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0981-1: https://hermes.opensuse.org/messages/11637959 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 21:18:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 06:18:58 +0200 Subject: [SEC] [SA45855] Red Hat update for ecryptfs-utils Message-ID: <201109020418.p824Iwdw027270@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for ecryptfs-utils SECUNIA ADVISORY ID: SA45855 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45855/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45855 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45855/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45855/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45855 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for ecryptfs-utils. This fixes multiple security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA45563 SA45747 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1241-1: https://rhn.redhat.com/errata/RHSA-2011-1241.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 21:51:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 06:51:27 +0200 Subject: [SEC] [SA44875] InduSoft ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities Message-ID: <201109020451.p824pRqG017305@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: InduSoft ISSymbol ActiveX Control Multiple Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA44875 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44875/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44875 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/44875/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44875/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44875 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered multiple vulnerabilities in InduSoft ISSymbol ActiveX control, which can be exploited by malicious people to compromise a user's system. 1) A boundary error when processing the "Open()" method can be exploited to cause a heap-based buffer overflow via an overly long string passed as a parameter. 2) A boundary error when processing the "Close()" method can be exploited to cause a heap-based buffer overflow via an overly long string passed as a parameter. 3) A boundary error when processing the "SetCurrentLanguage()" method can be exploited to cause a stack-based buffer overflow via an overly long string passed as a parameter. Successful exploitation of these vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in ISSymbol.ocx version 301.1104.601.0 included in InduSoft Web Studio version 7.0B2 hotfix 7.0.01.04. SOLUTION: Install Service Pack 1. PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-61/ InduSoft: http://www.indusoft.com/hotfixes/hotfixes.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 1 22:14:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 07:14:26 +0200 Subject: [SEC] [SA45737] WordPress Image Gallery with Slideshow Plugin SQL Injection and Arbitrary File Upload Message-ID: <201109020514.p825EQ6f006854@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress Image Gallery with Slideshow Plugin SQL Injection and Arbitrary File Upload SECUNIA ADVISORY ID: SA45737 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45737/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45737 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45737/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45737/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45737 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue and a vulnerability have been discovered in the Image Gallery with Slideshow plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system. 1) Input passed via the filename when uploading a file through a webform is not properly sanitised in wp-content/plugins/image-gallery-with-slideshow/upload-file.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 2) The security issue is caused due to missing access restrictions to the wp-content/plugins/image-gallery-with-slideshow/upload-file.php script. This can be exploited to upload arbitrary files to the "wp-content/plugins/image-gallery-with-slideshow/uploads/original" folder inside the webroot and e.g. execute arbitrary PHP code. The vulnerabilities are confirmed in version 1.5. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. Restrict access to the upload-file.php script (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Hrvoje Spoljar OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 10:36:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 19:36:27 +0200 Subject: [SEC] [SA45878] Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability Message-ID: <201109021736.p82HaRoq000559@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45878 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45878/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45878 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45878/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45878/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45878 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Simple File Upload module for Joomla!, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the modules/mod_simplefileupload/helper.php script not properly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension. The vulnerability is confirmed in version 0.9.3. Other versions may also be affected. SOLUTION: Upgrade to the latest version. PROVIDED AND/OR DISCOVERED BY: Reported by the Joomla! VEL team. ORIGINAL ADVISORY: Simple File Upload: http://wasen.net/index.php?option=com_content&view=article&id=64&Itemid=59 http://www.wasen.net/index.php?option=com_content&view=article&id=85:simple-file-upload-v13&catid=40:project-simple-file-upload&Itemid=69 Joomla!: http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 11:35:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 20:35:46 +0200 Subject: [SEC] [SA45841] Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability Message-ID: <201109021835.p82IZkRr024441@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Joomla! Simple File Upload Module Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45841 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45841/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45841 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45841/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45841/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45841 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Simple File Upload module for Joomla!, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the modules/mod_simplefileuploadv1.2/helper.php script not properly validating uploaded files, which can be exploited to execute arbitrary PHP code by uploading a PHP file with e.g. an appended ".gif" file extension. The vulnerability is confirmed in version 1.2 and reported in version 1.3. Other versions may also be affected. SOLUTION: Update to version 1.3 released on August 31st, 2011 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the Joomla! VEL team. ORIGINAL ADVISORY: Simple File Upload: http://wasen.net/index.php?option=com_content&view=article&id=64&Itemid=59 http://www.wasen.net/index.php?option=com_content&view=article&id=85:simple-file-upload-v13&catid=40:project-simple-file-upload&Itemid=69 Joomla!: http://docs.joomla.org/Vulnerable_Extensions_List#Simple_File_Upload OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 12:35:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 21:35:58 +0200 Subject: [SEC] [SA45732] Cisco Quad HTTP Server ByteRange Filter Denial of Service Vulnerability Message-ID: <201109021935.p82JZwvp015913@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Cisco Quad HTTP Server ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45732 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45732/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45732 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45732/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45732/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45732 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Cisco has acknowledged a vulnerability in Cisco Quad, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 SOLUTION: Restrict access to trusted hosts only. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 13:37:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 22:37:05 +0200 Subject: [SEC] [SA45820] BroadWin WebAccess Client Bwocxrun ActiveX Control Multiple Vulnerabilities Message-ID: <201109022037.p82Kb5WZ007420@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: BroadWin WebAccess Client Bwocxrun ActiveX Control Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45820 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45820/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45820 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45820/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45820/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45820 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered multiple vulnerabilities in BroadWin WebAccess Client, which can be exploited by malicious people to compromise a user's system. 1) A format string error in the "OcxSpool()" method (bwocxrun.ocx) can be exploited to corrupt memory via a specially crafted string. 2) An error in the "WriteTextData()" method (bwocxrun.ocx) when handling an open file descriptor can be exploited to corrupt memory by passing an arbitrary integer value in the "fpt" parameter. 3) An error in the "CloseFile()" method (bwocxrun.ocx) when handling an open file descriptor can be exploited to corrupt memory by passing an arbitrary integer value in the "fpt" parameter. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. The vulnerabilities are confirmed in bwocxrun.ocx version 1.0.0.10 included in WebAccess Client version 7.0. Other versions may also be affected. SOLUTION: Set the kill-bit for the affected ActiveX control. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/bwocxrun_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 14:30:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 23:30:21 +0200 Subject: [SEC] [SA45874] Red Hat update for rsyslog Message-ID: <201109022130.p82LUL6k030952@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for rsyslog SECUNIA ADVISORY ID: SA45874 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45874/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45874 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45874/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45874/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45874 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for rsyslog. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45848 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1247-1: https://rhn.redhat.com/errata/RHSA-2011-1247.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 14:50:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 2 Sep 2011 23:50:42 +0200 Subject: [SEC] [SA45858] Fedora update for ecryptfs-utils Message-ID: <201109022150.p82LogQa020404@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for ecryptfs-utils SECUNIA ADVISORY ID: SA45858 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45858/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45858 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45858/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45858/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45858 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ecryptfs-utils. This fixes multiple security issues, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, manipulate certain data, cause a DoS (Denial of Service), and potentially gain escalated privileges. For more information: SA45563 SOLUTION: Apply updated packages via the yum utility ("yum update ecryptfs-utils"). ORIGINAL ADVISORY: FEDORA-2011-10718: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065061.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 15:16:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 00:16:46 +0200 Subject: [SEC] [SA45823] Ingres Unspecified Vulnerability Message-ID: <201109022216.p82MGkg9010150@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Ingres Unspecified Vulnerability SECUNIA ADVISORY ID: SA45823 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45823/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45823 RELEASE DATE: 2011-09-02 DISCUSS ADVISORY: http://secunia.com/advisories/45823/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45823/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45823 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with unknown impacts has been reported in Ingres. The vulnerability is caused due to an unspecified error related to a shared memory segment and IIPROMPT and can be exploited to "overflow data" within the Ingres name server (iigcn). No further information is currently available. The vulnerability is reported in versions 2.6, 9.1, 9.2, 9.3, and 10.0 for Windows. SOLUTION: Fixes are available in a knowledge base document. Contact the vendor for additional details. PROVIDED AND/OR DISCOVERED BY: The vendor credits the Ingres community. ORIGINAL ADVISORY: http://downloads.ingres.com/support/alert/Ingres-SecAlert_August_30_2011_Final_Ingres.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 15:51:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 00:51:56 +0200 Subject: [SEC] [SA45807] bcfg2 Command Injection Vulnerabilities Message-ID: <201109022251.p82MpugT000300@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: bcfg2 Command Injection Vulnerabilities SECUNIA ADVISORY ID: SA45807 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45807/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45807 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45807/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45807/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45807 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in bcfg2, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to input sanitation errors when using certain input received from client, which can be exploited to inject and execute arbitrary shell commands with root privileges on the server system via e.g. the SSHbase plugin. Successful exploitation requires root access on a client system. SOLUTION: Fixed in the GIT repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://article.gmane.org/gmane.comp.sysutils.bcfg2.devel/4318 https://github.com/solj/bcfg2/commit/46795ae451ca6ede55a0edeb726978aef4684b53 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 16:16:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 01:16:05 +0200 Subject: [SEC] [SA45848] rsyslog "parseLegacySyslogMsg()" Malformed TAG Off-By-Two Vulnerability Message-ID: <201109022316.p82NG5OX022439@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: rsyslog "parseLegacySyslogMsg()" Malformed TAG Off-By-Two Vulnerability SECUNIA ADVISORY ID: SA45848 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45848/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45848 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45848/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45848/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45848 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in rsyslog, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an off-by-two error within the "parseLegacySyslogMsg()" function (tools/syslogd.c) and can be exploited to cause a limited stack-based buffer overflow by sending an overly long TAG within a legacy syslog message. The vulnerability is reported in versions 4.6.0 through 4.6.7 and versions 5.2.0 through 5.8.4. SOLUTION: Update to versions 4.6.8 or 5.8.5. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported in a Red Hat bug. ORIGINAL ADVISORY: rsyslog: http://www.rsyslog.com/potential-dos-with-malformed-tag/ Red Hat bug 727644: https://bugzilla.redhat.com/show_bug.cgi?id=727644 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 16:51:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 01:51:34 +0200 Subject: [SEC] [SA45810] SUSE update for kernel Message-ID: <201109022351.p82NpYHw012667@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for kernel SECUNIA ADVISORY ID: SA45810 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45810/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45810 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45810/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45810/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45810 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and to potentially gain escalated privileges. For more information: SA42148 SA45420 SA45533 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0984-2: https://hermes.opensuse.org/messages/11647323 SUSE-SA:2011:038: https://lwn.net/Articles/457379/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 17:18:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 02:18:50 +0200 Subject: [SEC] [SA45875] GEAR CD DVD Filter Driver GEARAspiWDM.sys Two Array-Indexing Vulnerabilities Message-ID: <201109030018.p830Io4g002437@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: GEAR CD DVD Filter Driver GEARAspiWDM.sys Two Array-Indexing Vulnerabilities SECUNIA ADVISORY ID: SA45875 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45875/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45875 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45875/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45875/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45875 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Secunia Research has discovered two vulnerabilities in GEAR CD DVD Filter Driver, which can be exploited by malicious, local users to cause a DoS (Denial of Service). 1) An array-indexing error when accessing a table of pointers can be exploited to access invalid memory and cause the kernel to crash via a specially crafted 0x00222018 IOCTL. 2) A second array-indexing error when accessing a table of pointers can be exploited to access invalid memory and cause the kernel to crash via a specially crafted 0x0022201C IOCTL. The vulnerabilities are confirmed in the following products (other versions may also be affected): * GEAR CD DVD Filter Driver version 2.2.0.1. * GEAR ISO Burn version 1.7.1. SOLUTION: Apply patch via the driver installer package version 4.018.3. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Dmitriy Pletnev, Secunia Research. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-62/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 17:50:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 02:50:25 +0200 Subject: [SEC] [SA45828] SUSE update for tomcat6 Message-ID: <201109030050.p830oPST024914@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for tomcat6 SECUNIA ADVISORY ID: SA45828 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45828/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45828 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45828/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45828/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45828 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for tomcat6. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions or cause a DoS (Denial of Service). For more information: SA44981 SA45232 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0988-1: https://hermes.opensuse.org/messages/11647318 SUSE-SU-2011:0990-1: https://hermes.opensuse.org/messages/11651531 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 18:14:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 03:14:51 +0200 Subject: [SEC] [SA45784] SUSE update for tomcat5 Message-ID: <201109030114.p831EpjV014589@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for tomcat5 SECUNIA ADVISORY ID: SA45784 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45784/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45784 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45784/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45784/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45784 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for tomcat5. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to disclose sensitive information and bypass certain security restrictions or cause a DoS (Denial of Service). For more information: SA44981 SA45232 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:0989-1: https://hermes.opensuse.org/messages/11647322 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 18:52:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 03:52:14 +0200 Subject: [SEC] [SA45834] Symantec Enterprise Vault Outside In Module Vulnerabilities Message-ID: <201109030152.p831qEbE004904@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Symantec Enterprise Vault Outside In Module Vulnerabilities SECUNIA ADVISORY ID: SA45834 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45834/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45834 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45834/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45834/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45834 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Symantec Enterprise Vault, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. The vulnerabilities are caused due to the software bundling a vulnerable Outside In module. For more information: SA44295 SA45297 The vulnerabilities are reported in versions 8.0 SP5 and prior, 9.0.x, and 10. SOLUTION: Apply hotfix. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC. ORIGINAL ADVISORY: Symantec: http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&suid=20110901_00 US-CERT (VU#520721, VU#103425): http://www.kb.cert.org/vuls/id/520721 http://www.kb.cert.org/vuls/id/103425 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 19:22:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 04:22:39 +0200 Subject: [SEC] [SA45872] IBM HTTP Server ByteRange Filter Denial of Service Vulnerability Message-ID: <201109030222.p832Mdr9027764@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM HTTP Server ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45872 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45872/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45872 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45872/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45872/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45872 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: IBM has acknowledged a vulnerability in IBM HTTP Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 The vulnerability is reported in versions 2.0.42, 2.0.47, 6.0 through 6.0.2.43, 6.1 through 6.1.0.39, 7.0 through 7.0.0.17, and 8.0. SOLUTION: Apply a workaround (please see the vendor's advisory for details). Fixes are scheduled to be released in September and November 2011. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg21512087 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 19:50:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 04:50:41 +0200 Subject: [SEC] [SA45824] Ubuntu update for apache2 Message-ID: <201109030250.p832ofqU017614@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Ubuntu update for apache2 SECUNIA ADVISORY ID: SA45824 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45824/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45824 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45824/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45824/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45824 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for apache2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1199-1: http://www.ubuntu.com/usn/usn-1199-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 20:14:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 05:14:22 +0200 Subject: [SEC] [SA45821] SUSE update for ncpfs Message-ID: <201109030314.p833EMup007244@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for ncpfs SECUNIA ADVISORY ID: SA45821 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45821/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45821 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45821/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45821/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45821 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for ncpfs. This fixes two security issues, which can be exploited by malicious, local users to disclose certain system information and cause a DoS (Denial of Service). For more information: SA38327 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0985-1: https://lwn.net/Articles/457382/ SUSE-SU-2011:0987-1: https://hermes.opensuse.org/messages/11647307 SUSE-SU-2011:0987-2: https://hermes.opensuse.org/messages/11651521 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 20:49:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 05:49:27 +0200 Subject: [SEC] [SA45822] Red Hat update for httpd Message-ID: <201109030349.p833nRKA029879@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for httpd SECUNIA ADVISORY ID: SA45822 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45822 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45822/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45822/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45822 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for httpd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1245-01: https://rhn.redhat.com/errata/RHSA-2011-1245.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 2 21:15:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 3 Sep 2011 06:15:22 +0200 Subject: [SEC] [SA45719] WordPress Grapefile Plugin File Upload Security Issues Message-ID: <201109030415.p834FM7u019631@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress Grapefile Plugin File Upload Security Issues SECUNIA ADVISORY ID: SA45719 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45719/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45719 RELEASE DATE: 2011-09-03 DISCUSS ADVISORY: http://secunia.com/advisories/45719/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45719/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45719 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple security issues have been discovered in the Grapefile plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The security issues are caused due to missing access restrictions to the wp-content/plugins/grapefile/grapeupload.php, wp-content/plugins/grapefile/grapeupload2.php, wp-content/plugins/grapefile/grapeupload3.php, and wp-content/plugins/grapefile/grapeupload4.php scripts. This can be exploited to upload arbitrary files to the "wp-content/plugins/grapefile/filestore/avi", "wp-content/plugins/grapefile/filestore/doc", "wp-content/plugins/grapefile/filestore/mp3", and "wp-content/plugins/grapefile/filestore/zip" folders inside the webroot and e.g. execute arbitrary PHP code. The security issues are confirmed in version 1.1. Other versions may also be affected. SOLUTION: Restrict access to the grapeupload.php, grapeupload2.php, grapeupload3.php, and grapeupload4.php scripts (e.g. via .htaccess). PROVIDED AND/OR DISCOVERED BY: Hrvoje Spoljar OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 10:35:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Sep 2011 19:35:02 +0200 Subject: [SEC] [SA45860] BlueDragon Products Cross-Site Request Forgery Vulnerability Message-ID: <201109051735.p85HZ2am032727@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: BlueDragon Products Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA45860 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45860/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45860 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45860/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45860/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45860 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in BlueDragon Server, BlueDragon Server JX, BlueDragon for J2EE Application Servers, and BlueDragon for the Microsoft .NET Framework, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the administrator password by tricking a logged in administrator into visiting a malicious web site. NOTE: This can further be exploited to conduct script insertion and cross-site scripting attacks. The vulnerability is reported in versions 7.1.1.17948 and prior. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: SubhashDasyam OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 11:34:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Sep 2011 20:34:38 +0200 Subject: [SEC] [SA45838] ZipX Archive Processing Buffer Overflow Vulnerability Message-ID: <201109051834.p85IYc3g024319@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: ZipX Archive Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45838 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45838/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45838 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45838/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45838/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45838 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ZipX, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error when processing archive files and can be exploited to cause a stack-based buffer overflow via e.g. a specially crafted ZIP file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into encrypting a malicious archive file. The vulnerability is confirmed in version 1.71 Build 987. Other versions may also be affected. SOLUTION: Do not open archive files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 12:35:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Sep 2011 21:35:10 +0200 Subject: [SEC] [SA45832] OpenTTD Multiple Vulnerabilities Message-ID: <201109051935.p85JZA8D015963@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: OpenTTD Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45832 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45832/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45832 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45832/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45832/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45832 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in OpenTTD, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) Errors within the processing of certain commands can be exploited to e.g. cause a crash and potentially execute arbitrary code by sending specially crafted commands. 2) An error within the processing of "NAME" chunks can be exploited to cause a heap-based buffer overflow via specially crafted savegame files. 3) An error within the processing of "PLYR" chunks can be exploited to cause a heap-based buffer overflow via specially crafted savegame files. 4) An error within the processing of "CHTS" chunks can be exploited to cause a buffer overflow via specially crafted savegame files. 5) An error within the processing of "AIPL" chunks can be exploited to cause a memory corruption via specially crafted savegame files. 6) An error within the processing of RLE compressed BMP images can be exploited to cause a memory corruption via specially crafted BMP files. 7) Errors within the handling memory allocations can be exploited to e.g. cause buffer overflows via specially crafted BMP image files. SOLUTION: Fixed in the SVN repository. Update to version 1.1.3 when available. PROVIDED AND/OR DISCOVERED BY: Reported in OpenTTD bugs by Matt D. (monoid). ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/09/02/4 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 13:33:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Sep 2011 22:33:34 +0200 Subject: [SEC] [SA45865] Hitachi Web Server ByteRange Filter Denial of Service Vulnerability Message-ID: <201109052033.p85KXYUw007464@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Hitachi Web Server ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45865 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45865/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45865 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45865/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45865/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45865 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Hitachi has acknowledged a vulnerability in Hitachi Web Server, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply a workaround (please see the vendor's advisory for details). ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/./vuls/HS11-019/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 14:28:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Sep 2011 23:28:24 +0200 Subject: [SEC] [SA45863] Hitachi Products Cosminexus XML Processor Denial of Service Vulnerability Message-ID: <201109052128.p85LSO2L031232@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Hitachi Products Cosminexus XML Processor Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45863 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45863/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45863 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45863/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45863/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45863 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Hitachi products, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error within the Cosminexus XML Processor. No further information is currently available. Please see the vendor's advisory for a list of affected versions. SOLUTION: Apply updates. Please see vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-018/index.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 14:49:47 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 5 Sep 2011 23:49:47 +0200 Subject: [SEC] [SA45909] Red Hat update for JBoss Enterprise Portal Platform Message-ID: <201109052149.p85Lnl56020878@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for JBoss Enterprise Portal Platform SECUNIA ADVISORY ID: SA45909 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45909/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45909 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45909/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45909/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45909 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for JBoss Enterprise Portal Platform. This fixes a weakness, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA44316 SOLUTION: Apply update. Please see the vendor's advisory for details. ORIGINAL ADVISORY: RHSA-2011:1251-1: https://rhn.redhat.com/errata/RHSA-2011-1251.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 15:14:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 00:14:41 +0200 Subject: [SEC] [SA45912] ClearSCADA 2010 Web Interface Authentication Bypass Vulnerability Message-ID: <201109052214.p85MEfvF010685@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: ClearSCADA 2010 Web Interface Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA45912 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45912/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45912 RELEASE DATE: 2011-09-05 DISCUSS ADVISORY: http://secunia.com/advisories/45912/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45912/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45912 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ClearSCADA 2010, which can be exploited by malicious people to bypass certain security restrictions. For more information: SA45854 The vulnerability is reported in version R1.0. SOLUTION: Update to version R1.1. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Jeremy Brown. ORIGINAL ADVISORY: ICS-CERT (ICSA-11-173-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-173-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 15:48:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 00:48:54 +0200 Subject: [SEC] [SA45913] Serck SCX ClearSCADA Web Interface Authentication Bypass Vulnerability Message-ID: <201109052248.p85MmsTt000948@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Serck SCX ClearSCADA Web Interface Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA45913 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45913/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45913 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45913/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45913/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45913 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Serck SCX, which can be exploited by malicious people to bypass certain security restrictions. The application bundles a vulnerable version of ClearSCADA. For more information: SA45854 The vulnerability is reported in the following products. * Serck SCX version 67 R4.5 * Serck SCX version 68 R3.9 SOLUTION: Update to a fixed version. Contact the vendor for further information. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Jeremy Brown. ORIGINAL ADVISORY: ICS-CERT (ICSA-11-173-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-173-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 16:15:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 01:15:07 +0200 Subject: [SEC] [SA45829] MantisBT Multiple Vulnerabilities Message-ID: <201109052315.p85NF7SJ023300@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: MantisBT Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45829 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45829/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45829 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45829/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45829/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45829 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in MantisBT, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information and by malicious users to compromise a vulnerable system. 1) Certain input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the "action" parameter in bug_actiongroup_ext_page.php and bug_actiongroup_page.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks and URL-encoded NULL bytes. Note: In combination with MantisBT's file upload functionality, this can be exploited to execute arbitrary PHP code. 3) Input passed to the "os", "os_build", and "platform" parameters in bug_report_page.php and bug_update_advanced_page.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a users browser session in context of an affected site. SOLUTION: Fixed in the GIT repository. Update to version 1.2.8 as soon as available. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Independently discovered by Paulino Calderon, Websec and High-Tech Bridge Security Research Lab 2, 3) High-Tech Bridge Security Research Lab ORIGINAL ADVISORY: MantisBT: http://www.mantisbt.org/bugs/view.php?id=13191 http://www.mantisbt.org/bugs/view.php?id=13281 http://www.openwall.com/lists/oss-security/2011/09/04/1 http://www.openwall.com/lists/oss-security/2011/09/04/2 High-Tech Bridge Security Research Lab: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_mantisbt.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 16:48:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 01:48:54 +0200 Subject: [SEC] [SA45818] IBM OmniFind CorelDRAW Parser Buffer Overflow Vulnerability Message-ID: <201109052348.p85NmsXJ013579@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM OmniFind CorelDRAW Parser Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45818 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45818/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45818 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45818/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45818/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45818 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM OmniFind Enterprise Edition, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the software bundling a vulnerable Outside In library. For more information see vulnerability #1: SA45297 The vulnerability is reported in versions 8.5 and 9.1 SOLUTION: Apply the workaround. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Will Dormann, CERT/CC. ORIGINAL ADVISORY: IBM: http://www.ibm.com/support/docview.wss?uid=swg21512725 US-CERT (VU#103425): http://www.kb.cert.org/vuls/id/103425 http://www.kb.cert.org/vuls/id/WDON-8J4JEE OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 17:16:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 02:16:53 +0200 Subject: [SEC] [SA45890] GentleSource Short URL "u" Script Insertion Vulnerability Message-ID: <201109060016.p860Grdr003538@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: GentleSource Short URL "u" Script Insertion Vulnerability SECUNIA ADVISORY ID: SA45890 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45890/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45890 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45890/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45890/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45890 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in GentleSource Short URL, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "u" POST parameter to index.php is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Eyup CELIK OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 17:49:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 02:49:32 +0200 Subject: [SEC] [SA45815] GTK+ Insecure Library Loading Vulnerability Message-ID: <201109060049.p860nWDl026189@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: GTK+ Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA45815 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45815/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45815 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45815/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45815/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45815 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in GTK+, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to the "_gdk_input_wintab_init_check()" (gdk/win32/gdkinput-win32.c) and the "xp_theme_init()" functions (modules/engines/ms-windows/xp_theme.c) loading libraries (wintab32.dll and uxtheme.dll) in an insecure manner. This can be exploited to load arbitrary libraries when an application using this library e.g. opens a file located on a remote WebDAV or SMB share. Successful exploitation may allow execution of arbitrary code. SOLUTION: Update to version 2.24.0. PROVIDED AND/OR DISCOVERED BY: JVN credits Naoto Katsumi, LAC Co., Ltd. ORIGINAL ADVISORY: JVN: http://jvn.jp/en/jp/JVN58019849/index.html GTK+: http://git.gnome.org/browse/gtk+/commit/modules/engines/ms-windows/xp_theme.c?h=gtk-2-24&id=d6e11a97e318158f5d210a0476870dfe14ed95e6 http://git.gnome.org/browse/gtk+/commit/gdk/win32/gdkinput-win32.c?h=gtk-2-24&id=88f54ea47d4a55bbbf9e34a7a0502f365eb69ae5&ss=1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 18:15:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 03:15:09 +0200 Subject: [SEC] [SA45907] KnFTP FTP Command Processing Buffer Overflow Vulnerability Message-ID: <201109060115.p861F9EO016046@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: KnFTP FTP Command Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45907 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45907/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45907 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45907/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45907/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45907 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Qixu Liu has discovered a vulnerability in KnFTP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error when processing FTP commands and can be exploited to cause a stack-based buffer overflow via an overly long string passed e.g. via the FTP "PASS" command. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.0.0. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Qixu Liu, NCNIPC. ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-09/0015.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 18:49:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 03:49:37 +0200 Subject: [SEC] [SA45885] GentleSource Tell a Friend Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201109060149.p861nbeX006332@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: GentleSource Tell a Friend Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA45885 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45885/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45885 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45885/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45885/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45885 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in GentleSource Tell a Friend, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "firstname", "lastname", "sender_email", "friend_email", and "comment" POST parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 2.9.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Eyup CELIK OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 19:24:40 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 04:24:40 +0200 Subject: [SEC] [SA45835] Xen "__addr_ok()" Macro Input Validation Weakness Message-ID: <201109060224.p862Oeg6029554@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Xen "__addr_ok()" Macro Input Validation Weakness SECUNIA ADVISORY ID: SA45835 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45835/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45835 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45835/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45835/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45835 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Xen, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The weakness is caused due to an input validation error within the "__addr_ok()" macro (xen/include/asm-x86/x86_64/uaccess.h) and can be exploited to crash the host system via malicious hypercalls. Successful exploitation requires administrative privileges within a 64bit PV guest. The weakness is reported in version 3.3. Prior versions may also be affected. SOLUTION: Apply the patch. See vendor's advisory for additional details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Xen XSA-4: http://www.openwall.com/lists/oss-security/2011/09/02/2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 19:49:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 04:49:56 +0200 Subject: [SEC] [SA45892] SUSE update for apache2 Message-ID: <201109060249.p862nug7019394@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for apache2 SECUNIA ADVISORY ID: SA45892 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45892/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45892 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45892/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45892/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45892 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for apache2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:0993-1: http://lists.opensuse.org/opensuse-updates/2011-09/msg00002.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 20:16:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 05:16:00 +0200 Subject: [SEC] [SA45845] Novell Cloud Manager RPC Session Initialization Security Bypass Message-ID: <201109060316.p863G00n009253@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Novell Cloud Manager RPC Session Initialization Security Bypass SECUNIA ADVISORY ID: SA45845 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45845/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45845 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45845/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45845/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45845 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Novell Cloud Manager, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error when initializing an object for a RPC method resulting in a partially initialized session. This can be exploited to execute privileged RPC calls. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions 1.1, 1.1.1, and 1.1.2. SOLUTION: Update to version 1.1.2 patch 3. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1c239c43f521145fa8385d64a9c32243 via ZDI. ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-11-278/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 20:50:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 05:50:35 +0200 Subject: [SEC] [SA45854] ClearSCADA Web Interface Authentication Bypass Vulnerability Message-ID: <201109060350.p863oZR9031999@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: ClearSCADA Web Interface Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA45854 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45854/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45854 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45854/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45854/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45854 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ClearSCADA, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the dbserver.exe process during authentication to the web interface and can be exploited to access certain "Safe Mode" diagnostics functionality. The vulnerability is reported the following products: * ClearSCADA 2009 * ClearSCADA 2007 * ClearSCADA 2005 SOLUTION: Upgrade to ClearSCADA 2010 R1.1 or later. PROVIDED AND/OR DISCOVERED BY: ICS-CERT credits Jeremy Brown. ORIGINAL ADVISORY: ICS-CERT (ICSA-11-173-01): http://www.us-cert.gov/control_systems/pdf/ICSA-11-173-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 5 21:15:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 06:15:38 +0200 Subject: [SEC] [SA45896] Inductive Automation Ignition File Disclosure Vulnerability Message-ID: <201109060415.p864FcCn021830@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Inductive Automation Ignition File Disclosure Vulnerability SECUNIA ADVISORY ID: SA45896 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45896/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45896 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45896/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45896/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45896 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Inductive Automation Ignition, which can be exploited by malicious people to disclose potentially sensitive information. Certain unspecified input passed via the URL is not properly verified before being used to display files. This can be exploited to disclose the contents of files. The vulnerability is reported in versions prior to 7.2.8.178. SOLUTION: Update to version 7.2.8.178. PROVIDED AND/OR DISCOVERED BY: Rub?n Santamarta via ICS-CERT. ORIGINAL ADVISORY: http://www.us-cert.gov/control_systems/pdf/ICSA-11-231-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 6 10:36:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 19:36:11 +0200 Subject: [SEC] [SA45842] Witness Systems eQuality Packet Handling Buffer Overflow Vulnerability Message-ID: <201109061736.p86HaBKZ018708@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Witness Systems eQuality Packet Handling Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45842 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45842/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45842 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45842/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45842/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45842 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Witness Systems eQuality, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in Unify2.exe when handling certain packets and can be exploited to cause a stack-based buffer overflow via specially crafted packets sent to TCP port 6821. Successful exploitation may allow execution of arbitrary code. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri, ThirdEyeTesters via ZDI. ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-11-279/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 6 11:36:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 20:36:09 +0200 Subject: [SEC] [SA45867] WordPress DukaPress Shopping Cart Plugin TimThumb Arbitrary File Upload Vulnerability Message-ID: <201109061836.p86Ia9I9010291@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress DukaPress Shopping Cart Plugin TimThumb Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45867 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45867/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45867 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45867/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45867/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45867 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the DukaPress Shopping Cart plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 SOLUTION: Update to version 2.3.3 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: DukaPress Shopping Cart: http://wordpress.org/extend/plugins/dukapress/changelog/ http://dukapress.org/blog/2011/08/09/dukapress-2-3-3-timthumb-security-update/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 6 12:36:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 21:36:24 +0200 Subject: [SEC] [SA45781] OpenSSL CRL Bypass and ECDH Denial of Service Vulnerability Message-ID: <201109061936.p86JaO0c001873@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: OpenSSL CRL Bypass and ECDH Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45781 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45781/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45781 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45781/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45781/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45781 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service). 1) An error within OpenSSL's internal certificate verification can lead to OpenSSL accepting CRL (Certificate Revocation Lists) with a "nextUpdate" field set to a date in the past. 2) An error within the implementation of ephemeral ECDH ciphersuites can be exploited to crash a vulnerable server by sending handshake messages within an invalid order. Successful exploitation of this vulnerability requires that the server enabled and supports the ECDH ciphersuites. NOTE: Additionally, the ECDH implementation is not thread safe. The vulnerabilities are reported in versions 1.0.0 through 1.0.0d. SOLUTION: Update to version 1.0.0e. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Kaspar Brand 2) Adam Langley ORIGINAL ADVISORY: http://www.openssl.org/news/secadv_20110906.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 6 13:35:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 22:35:09 +0200 Subject: [SEC] [SA45914] OpenSSL Ephermal ECDH Ciphersuites Denial of Service Vulnerability Message-ID: <201109062035.p86KZ9CA025878@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: OpenSSL Ephermal ECDH Ciphersuites Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45914 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45914/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45914 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45914/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45914/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45914 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenSSL, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the implementation of ephermal ECDH ciphersuites. For more information see vulnerability #2 in: SA45781 SOLUTION: Fixed in the CVS repository. ORIGINAL ADVISORY: http://www.openssl.org/news/secadv_20110906.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 6 14:29:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 23:29:35 +0200 Subject: [SEC] [SA45836] OpenVAS Scanner Insecure Temporary File Security Issue Message-ID: <201109062129.p86LTZpo017219@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: OpenVAS Scanner Insecure Temporary File Security Issue SECUNIA ADVISORY ID: SA45836 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45836/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45836 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45836/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45836/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45836 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in OpenVAS Scanner, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to the application passing a predictable temporary filename to the "-r" parameter of the ovaldi application, which can be exploited to overwrite arbitrary files via symlink attacks. The security issue is reported in version 3.2.4. Other versions may also be affected SOLUTION: Restrict access to trusted users only. PROVIDED AND/OR DISCOVERED BY: BugsNotHugs ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0057.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 6 14:51:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 6 Sep 2011 23:51:20 +0200 Subject: [SEC] [SA45869] SUSE update for apache2 Message-ID: <201109062151.p86LpKLl006866@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for apache2 SECUNIA ADVISORY ID: SA45869 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45869/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45869 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45869/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45869/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45869 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for apache2. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA40206 SA45606 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1000-1: https://hermes.opensuse.org/messages/11682644 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 6 15:16:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Sep 2011 00:16:36 +0200 Subject: [SEC] [SA45839] Debian update for rails Message-ID: <201109062216.p86MGapF029135@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Debian update for rails SECUNIA ADVISORY ID: SA45839 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45839/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45839 RELEASE DATE: 2011-09-06 DISCUSS ADVISORY: http://secunia.com/advisories/45839/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45839/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45839 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for rails. This fixes multiple vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting, HTTP response splitting, and SQL injection attacks. For more information: SA37446 SA45648 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2301-1: http://www.debian.org/security/2011/dsa-2301 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 10:38:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Sep 2011 19:38:36 +0200 Subject: [SEC] [SA45925] WordPress wpcu3er Plugin Arbitrary File Upload Vulnerability Message-ID: <201109071738.p87Hca7O012560@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress wpcu3er Plugin Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45925 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45925/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45925 RELEASE DATE: 2011-09-07 DISCUSS ADVISORY: http://secunia.com/advisories/45925/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45925/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45925 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the wpcu3er plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the wp-content/plugins/wpcu3er/php/ajaxReq.php script not properly verifying uploaded file types. This can be exploited to execute arbitrary PHP code by uploading a PHP file. The vulnerability is confirmed in version 0.55. Prior versions may also be affected. SOLUTION: Update to version 0.56 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: wpcu3er: http://wordpress.org/extend/plugins/wpcu3er/changelog/ http://plugins.trac.wordpress.org/changeset/422129/wpcu3er/trunk/php/ajaxReq.php?old=419162&old_path=wpcu3er%2Ftrunk%2Fphp%2FajaxReq.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 11:39:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Sep 2011 20:39:13 +0200 Subject: [SEC] [SA45846] WordPress KNR Author List Plugin Two SQL Injection Vulnerabilities Message-ID: <201109071839.p87IdDM6004196@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress KNR Author List Plugin Two SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA45846 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45846/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45846 RELEASE DATE: 2011-09-07 DISCUSS ADVISORY: http://secunia.com/advisories/45846/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45846/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45846 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered two vulnerabilities in the KNR Author List plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed via the "listItem[]" parameter to wp-content/plugins/knr-author-list-widget/knrAuthorListCustomSortSave.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 2) Input passed as the "listItem" array keys to wp-content/plugins/knr-author-list-widget/knrAuthorListCustomSortSave.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 2.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: http://unconciousmind.blogspot.com/2011/09/wordpress-knr-author-list-widget-plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 12:36:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Sep 2011 21:36:27 +0200 Subject: [SEC] [SA45884] Zikula Application Framework "themename" Cross-Site Scripting Vulnerability Message-ID: <201109071936.p87JaR6w028134@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Zikula Application Framework "themename" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45884 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45884/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45884 RELEASE DATE: 2011-09-07 DISCUSS ADVISORY: http://secunia.com/advisories/45884/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45884/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45884 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in Zikula Application Framework, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "themename" parameter to index.php (when "module" is set to "theme", "type" is set to "admin", and "func" is set to "setasdefault") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2.7. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: https://www.htbridge.ch/advisory/xss_in_zikula.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 13:39:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Sep 2011 22:39:23 +0200 Subject: [SEC] [SA45924] GnuCash Insecure Library and Executable Loading Vulnerabilities Message-ID: <201109072039.p87KdN82019920@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: GnuCash Insecure Library and Executable Loading Vulnerabilities SECUNIA ADVISORY ID: SA45924 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45924/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45924 RELEASE DATE: 2011-09-07 DISCUSS ADVISORY: http://secunia.com/advisories/45924/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45924/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45924 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been discovered in GnuCash, which can be exploited by malicious people to compromise a user's system. 1) The application bundles a vulnerable version of the Pthreads-win32 library, which loads libraries (e.g. quserex.dll) in an insecure manner and can be exploited to load arbitrary libraries. For more information: SA41215 2) The application loads an executable (perl.exe) in an insecure manner, which can be exploited to execute an arbitrary program. Successful exploitation of the vulnerabilities allows execution of arbitrary code, but requires tricking a user into e.g. opening ".gnucash" file located on a remote WebDAV or SMB share. The vulnerabilities are confirmed in version 2.4.7 r20813 running on Windows. Other versions may also be affected. SOLUTION: Do not open untrusted files. PROVIDED AND/OR DISCOVERED BY: Mister Teatime OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 14:30:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Sep 2011 23:30:44 +0200 Subject: [SEC] [SA45897] Red Hat update for kernel Message-ID: <201109072130.p87LUi8f011117@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for kernel SECUNIA ADVISORY ID: SA45897 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45897/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45897 RELEASE DATE: 2011-09-07 DISCUSS ADVISORY: http://secunia.com/advisories/45897/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45897/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45897 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and gain escalated privileges and by malicious, local users in a guest virtual machine and malicious people to cause a DoS. For more information: SA44754 SA45835 1) A NULL pointer dereference error in the Stream Control Transmission Protocol (SCTP) implementation can be exploited to cause a DoS by sending specially crafted SCTP packets. 2) An error within the SAHF instruction emulation can be exploited by privileged users within a guest system to crash the host system. Successful exploitation of this weakness requires that the host system is not using hardware assisted paging (HAP). SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1212-01: https://rhn.redhat.com/errata/RHSA-2011-1212.html Red Hat Bug#714867: https://bugzilla.redhat.com/show_bug.cgi?id=714867 Xen Rev#15644: http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 14:51:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 7 Sep 2011 23:51:42 +0200 Subject: [SEC] [SA45861] OpenFabrics Enterprise Distribution (OFED) "/proc/net/sdpstats" Denial of Service Vulnerability Message-ID: <201109072151.p87Lpg19000723@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: OpenFabrics Enterprise Distribution (OFED) "/proc/net/sdpstats" Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45861 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45861/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45861 RELEASE DATE: 2011-09-07 DISCUSS ADVISORY: http://secunia.com/advisories/45861/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45861/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45861 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in OpenFabrics Enterprise Distribution, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the implementation of the /proc/net/sdpstats proc file, which can be exploited to cause a crash by reading /proc/net/sdpstats. The vulnerability is reported in versions prior to 1.5.3. SOLUTION: Update to version 1.5.3. PROVIDED AND/OR DISCOVERED BY: Disclosed in a GIT commit. Possibly independently discovered by a SUSE customer. ORIGINAL ADVISORY: http://www.openwall.com/lists/oss-security/2011/09/06/3 http://git.openfabrics.org/git?p=ofed_1_5/linux-2.6.git;a=commitdiff;h=04bb801a31825d1559c4670253e1bea1291a1af8 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 15:15:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 00:15:50 +0200 Subject: [SEC] [SA45827] Hastymail2 Two Cross-Site Scripting Vulnerabilities Message-ID: <201109072215.p87MFoe8023000@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Hastymail2 Two Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA45827 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45827/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45827 RELEASE DATE: 2011-09-07 DISCUSS ADVISORY: http://secunia.com/advisories/45827/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45827/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45827 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Hastymail2, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised within the plugins functionality and the compose page before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 1.1 RC1. SOLUTION: Update to version 1.1 RC1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://hastymail.svn.sourceforge.net/viewvc/hastymail/trunk/hastymail2/CHANGES?revision=1983 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 15:50:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 00:50:01 +0200 Subject: [SEC] [SA45919] Fedora update for libsndfile Message-ID: <201109072250.p87Mo11d013347@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for libsndfile SECUNIA ADVISORY ID: SA45919 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45919/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45919 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45919/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45919/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45919 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for libsndfile. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library. For more information: SA45125 SOLUTION: Apply updated packages via the yum utility ("yum update libsndfile"). ORIGINAL ADVISORY: FEDORA-2011-9319: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065167.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 16:16:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 01:16:24 +0200 Subject: [SEC] [SA45918] Fedora update for dhcp Message-ID: <201109072316.p87NGOa2003264@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for dhcp SECUNIA ADVISORY ID: SA45918 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45918/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45918 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45918/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45918/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45918 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for dhcp. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45582 SOLUTION: Apply updated packages via the yum utility ("yum update dhcp"). ORIGINAL ADVISORY: FEDORA-2011-10705: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065176.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 16:50:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 01:50:36 +0200 Subject: [SEC] [SA45882] PlaySMS SMS Gateway Multiple File Inclusion Vulnerabilities Message-ID: <201109072350.p87NoaNY026035@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: PlaySMS SMS Gateway Multiple File Inclusion Vulnerabilities SECUNIA ADVISORY ID: SA45882 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45882/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45882 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45882/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45882/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45882 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: NoGe has discovered multiple vulnerabilities in PlaySMS SMS Gateway, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "apps_path[themes]" parameter to web/plugin/themes/default/page_forgot.php, web/plugin/themes/default/page_login.php, web/plugin/themes/default/page_noaccess.php, web/plugin/themes/default/page_register.php, web/plugin/themes/km2/page_noaccess.php, web/plugin/themes/work2/page_forgot.php, web/plugin/themes/work2/page_login.php, web/plugin/themes/work2/page_noaccess.php, and web/plugin/themes/work2/page_register.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local and external resources. Successful exploitation requires that "register_globals" is enabled. The vulnerabilities are confirmed in version 0.9.5.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: NoGe ORIGINAL ADVISORY: http://evilc0de.blogspot.com/2011/09/playsms-remote-file-inclusion.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 17:18:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 02:18:39 +0200 Subject: [SEC] [SA45898] Blue Coat Reporter Directory Traversal Vulnerability Message-ID: <201109080018.p880Idfa016065@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Blue Coat Reporter Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA45898 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45898/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45898 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45898/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45898/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45898 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Blue Coat Reporter, which can be exploited by malicious people to disclose sensitive information. Certain input is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences. The vulnerability is reported in version 8.x running on Windows. SOLUTION: Upgrade to version 9.3.1.1 PROVIDED AND/OR DISCOVERED BY: The vendor credits Alejandro Hernandez (nitr0us), Chatsubo Labs. ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA60 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 17:50:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 02:50:52 +0200 Subject: [SEC] [SA45917] Fedora update for rubygem-activesupport Message-ID: <201109080050.p880oq7H006273@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for rubygem-activesupport SECUNIA ADVISORY ID: SA45917 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45917/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45917 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45917/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45917/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45917 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for rubygem-activesupport. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA45648 SOLUTION: Apply updated packages via the yum utility ("yum update rubygem-activesupport"). ORIGINAL ADVISORY: FEDORA-2011-11600: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065189.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 18:14:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 03:14:56 +0200 Subject: [SEC] [SA45901] Red Hat update for gstreamer-plugins Message-ID: <201109080114.p881EuIO028527@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Red Hat update for gstreamer-plugins SECUNIA ADVISORY ID: SA45901 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45901/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45901 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45901/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45901/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45901 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for gstreamer-plugins. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA45131 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1264-01: https://rhn.redhat.com/errata/RHSA-2011-1264.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 18:50:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 03:50:30 +0200 Subject: [SEC] [SA45813] WordPress Tweet old post Plugin "cat" SQL Injection Vulnerability Message-ID: <201109080150.p881oUVA018936@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress Tweet old post Plugin "cat" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45813 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45813/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45813 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45813/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45813/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45813 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Tweet old post plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "cat" parameter to wp-admin/admin.php (when "page" is set to "ExcludePosts" and "setFilter" is set to "Filter") is not properly sanitised in wp-content/plugins/tweet-old-post/top-excludepost.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires the "Contributor" role. The vulnerability is confirmed in version 3.2.5. Prior versions may also be affected. SOLUTION: Fixed in the SVN repository. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: sherl0ck_ ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17789/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 19:19:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 04:19:03 +0200 Subject: [SEC] [SA45899] Blue Coat Reporter Directory Traversal Vulnerability Message-ID: <201109080219.p882J3H2009457@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Blue Coat Reporter Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA45899 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45899/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45899 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45899/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45899/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45899 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Blue Coat Reporter, which can be exploited by malicious people to disclose sensitive information. For more information: SA45898 The vulnerability is reported in versions prior to 9.3 running on Windows. SOLUTION: Update to version 9.3.1.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits Alejandro Hernandez (nitr0us), Chatsubo Labs. ORIGINAL ADVISORY: https://kb.bluecoat.com/index?page=content&id=SA60 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 19:49:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 04:49:55 +0200 Subject: [SEC] [SA45880] Citrix XenServer Multiple Vulnerabilities Message-ID: <201109080249.p882ntA6032051@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Citrix XenServer Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45880 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Citrix has acknowledged a weakness and multiple vulnerabilities in Citrix XenServer, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service), by malicious, local users to cause a DoS (Denial of Service) or gain escalated privileges, and by malicious people to compromise a vulnerable system. For more information: SA39080 SA43009 SA44037 SA44502 SA45746 SA45835 The weakness and vulnerabilities are reported in versions prior to 5.6 SP2. SOLUTION: Apply hotfixes. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: http://support.citrix.com/article/CTX130325 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 20:15:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 05:15:46 +0200 Subject: [SEC] [SA45916] Fedora update for pidgin Message-ID: <201109080315.p883Fkrr021978@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for pidgin SECUNIA ADVISORY ID: SA45916 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45916/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45916 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45916/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45916/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45916 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pidgin. This fixes two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45663 SOLUTION: Apply updated packages via the yum utility ("yum update pidgin"). ORIGINAL ADVISORY: FEDORA-2011-11595: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065190.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 20:49:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 05:49:45 +0200 Subject: [SEC] [SA45921] Fedora update for rubygem-actionpack Message-ID: <201109080349.p883njfh012304@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for rubygem-actionpack SECUNIA ADVISORY ID: SA45921 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45921/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45921 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45921/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45921/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45921 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for rubygem-actionpack. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and HTTP response splitting attacks. For more information: SA45648 SOLUTION: Apply updated packages via the yum utility ("yum update rubygem-actionpack"). ORIGINAL ADVISORY: FEDORA-2011-11567: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065137.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 7 21:16:24 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 06:16:24 +0200 Subject: [SEC] [SA45789] IBM OpenAdmin Tool for Informix Multiple Cross-Site Scripting Vulnerabilities Message-ID: <201109080416.p884GOkr002231@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: IBM OpenAdmin Tool for Informix Multiple Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA45789 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45789/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45789 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45789/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45789/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45789 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sumit Kumar Soni has reported multiple vulnerabilities in IBM OpenAdmin Tool for Informix, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "informixserver", "host", and "port" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are reported in versions prior to 2.72. SOLUTION: Update to version 2.72 or later. PROVIDED AND/OR DISCOVERED BY: Sumit Kumar Soni ORIGINAL ADVISORY: http://voidroot.blogspot.com/2011/08/xss-in-ibm-open-admin-tool.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 10:37:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 19:37:51 +0200 Subject: [SEC] [SA45887] Cumin Log File Broker Credentials Disclosure Security Issue Message-ID: <201109081737.p88HbpUd031705@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Cumin Log File Broker Credentials Disclosure Security Issue SECUNIA ADVISORY ID: SA45887 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45887/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45887 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45887/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45887/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45887 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cumin, which can be exploited by malicious, local users to disclose potentially sensitive information. The security issue is caused due to the application storing broker authentication credentials in the log file, which can be exploited to disclose the authentication credentials and e.g. connect to the broker and manipulate jobs or perform certain other operations. SOLUTION: Fixed in the SVN repository. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Red Hat bug #731574: https://bugzilla.redhat.com/show_bug.cgi?id=731574 RHSA-2011:1249-1: https://rhn.redhat.com/errata/RHSA-2011-1249.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 11:37:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 20:37:52 +0200 Subject: [SEC] [SA45930] WordPress 1 Flash Gallery Plugin Arbitrary File Upload Vulnerability Message-ID: <201109081837.p88Ibqak023394@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress 1 Flash Gallery Plugin Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45930 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45930/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45930 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45930/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45930/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45930 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: supernothing has discovered a vulnerability in 1 Flash Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the wp-content/plugins/1-flash-gallery/upload.php script (when "action" is set to "uploadify" and "fileext" is set to e.g. "php") improperly verifying uploaded files. This can be exploited to execute arbitrary PHP code by uploading a PHP file. The vulnerability is confirmed in version 1.5.6. Prior versions may also be affected. SOLUTION: Update to version 1.5.8. PROVIDED AND/OR DISCOVERED BY: supernothing ORIGINAL ADVISORY: supernothing: http://spareclockcycles.org/2011/09/06/flash-gallery-arbitrary-file-upload/ 1 Flash Gallery Changelog: http://wordpress.org/extend/plugins/1-flash-gallery/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 12:39:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 21:39:02 +0200 Subject: [SEC] [SA45904] TP-LINK TD-8810 Cross-Site Request Forgery Vulnerability Message-ID: <201109081939.p88Jd2MG015158@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: TP-LINK TD-8810 Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA45904 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45904/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45904 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45904/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45904/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45904 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in TP-LINK TD-8810, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the device allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. reboot the device when a logged-in user visits a specially crafted web page. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the device. PROVIDED AND/OR DISCOVERED BY: C4SS!0 G0M3S ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/104735/tplink-xsrf.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 13:39:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 22:39:41 +0200 Subject: [SEC] [SA45906] Fedora update for squid Message-ID: <201109082039.p88KdfOd006882@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for squid SECUNIA ADVISORY ID: SA45906 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45906/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45906 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45906/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45906/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45906 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for squid. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA45805 SOLUTION: Apply updated packages via the yum utility ("yum update squid"). ORIGINAL ADVISORY: FEDORA-2011-11854: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065534.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 14:33:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 8 Sep 2011 23:33:42 +0200 Subject: [SEC] [SA45817] SUSE update for dhcp Message-ID: <201109082133.p88LXgnU030713@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for dhcp SECUNIA ADVISORY ID: SA45817 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45817/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45817 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45817/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45817/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45817 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for dhcp. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45582 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1021-1: http://lists.opensuse.org/opensuse-updates/2011-09/msg00014.html SUSE-SU-2011:1023-1: https://hermes.opensuse.org/messages/11695711 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 15:05:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 00:05:45 +0200 Subject: [SEC] [SA45889] OpenVZ update for kernel Message-ID: <201109082205.p88M5jM1021008@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: OpenVZ update for kernel SECUNIA ADVISORY ID: SA45889 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45889/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45889 RELEASE DATE: 2011-09-08 DISCUSS ADVISORY: http://secunia.com/advisories/45889/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45889/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45889 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: OpenVZ has issued an update for the kernel. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). For more information: SA45328 SOLUTION: Update kernel branch RHEL5 to version 028stab093.2. ORIGINAL ADVISORY: http://wiki.openvz.org/Download/kernel/rhel5/028stab093.2 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 15:31:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 00:31:52 +0200 Subject: [SEC] [SA45894] SUSE update for otrs Message-ID: <201109082231.p88MVqV0010986@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for otrs SECUNIA ADVISORY ID: SA45894 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45894/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45894 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45894/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45894/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45894 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for otrs. This fixes a vulnerability, which can be exploited by malicious users to disclose potentially sensitive information. For more information: SA45701 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1017-1: http://lists.opensuse.org/opensuse-updates/2011-09/msg00011.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 16:05:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 01:05:25 +0200 Subject: [SEC] [SA45902] Fedora update for mongoose Message-ID: <201109082305.p88N5PDW001327@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Fedora update for mongoose SECUNIA ADVISORY ID: SA45902 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45902/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45902 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45902/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45902/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45902 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for mongoose. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. For more information: SA45464 SOLUTION: Apply updated packages via the yum utility ("yum update mongoose"). ORIGINAL ADVISORY: FEDORA-2011-11825: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065537.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 16:31:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 01:31:21 +0200 Subject: [SEC] [SA45929] OpenCart Cache Arbitrary File Overwrite Vulnerability Message-ID: <201109082331.p88NVL8w023767@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: OpenCart Cache Arbitrary File Overwrite Vulnerability SECUNIA ADVISORY ID: SA45929 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45929/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45929 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45929/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45929/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45929 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Dang Hai Son has discovered a vulnerability in OpenCart, which can be exploited by malicious people to manipulate certain data. Input passed to "country_id" in index.php (when "route" is set to "account/register/zone") is not properly sanitised in system/library/cache.php before being used to create cache files. This can be exploited to overwrite arbitrary files via directory traversal attacks and URL-encoded NULL bytes. The vulnerability is confirmed in version 1.5.1.1. Prior versions may also be affected. SOLUTION: Update to version 1.5.1.2. PROVIDED AND/OR DISCOVERED BY: Dang Hai Son ORIGINAL ADVISORY: Dang Hai Son: http://vickigroup.wordpress.com/2011/09/06/opencart-arbitrary-file-creation-all-versions/ OpenCart Forum: http://forum.opencart.com/viewtopic.php?f=2&t=40275 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 16:52:09 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 01:52:09 +0200 Subject: [SEC] [SA45857] SCOoffice Server "STARTTLS" Plaintext Injection Vulnerability Message-ID: <201109082352.p88Nq9P1013501@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SCOoffice Server "STARTTLS" Plaintext Injection Vulnerability SECUNIA ADVISORY ID: SA45857 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45857/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45857 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45857/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45857/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45857 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SCOoffice Server, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to the TLS implementation not properly clearing transport layer buffers when upgrading from plaintext to ciphertext after receiving the "STARTTLS" command. This can be exploited to insert arbitrary plaintext data (e.g. SMTP commands) during the plaintext phase, which will then be executed after upgrading to the TLS ciphertext phase. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Wietse Venema via US-CERT. ORIGINAL ADVISORY: US-CERT (VU#555316): http://www.kb.cert.org/vuls/id/555316 http://www.kb.cert.org/vuls/id/MAPG-8D9M6A OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 17:20:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 02:20:50 +0200 Subject: [SEC] [SA45922] SUSE update for rsyslog Message-ID: <201109090020.p890KouW003621@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for rsyslog SECUNIA ADVISORY ID: SA45922 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45922/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45922 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45922/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45922/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45922 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for rsyslog. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA45848 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1020-1: http://lists.opensuse.org/opensuse-updates/2011-09/msg00013.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 17:51:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 02:51:49 +0200 Subject: [SEC] [SA45866] Procyon SCADA Core Service Buffer Overflow Vulnerability Message-ID: <201109090051.p890pnQf026292@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Procyon SCADA Core Service Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45866 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45866/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45866 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45866/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45866/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45866 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in Procyon SCADA, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the Core service (Coreservice.exe) when handling "LOGON" requests. This can be exploited to cause a stack-based buffer overflow via an overly long string sent to TCP port 23. Successful exploitation allows execution of arbitrary code with SYSTEM privileges. The vulnerability is confirmed in version 1.06. Other versions may also be affected. SOLUTION: Update to version 1.14. PROVIDED AND/OR DISCOVERED BY: Knud H?jgaard, nSense via ICS-CERT and Steven Seeley, stratsec. ORIGINAL ADVISORY: ICS-CERT: http://www.uscert.gov/control_systems/pdf/ICSA-11-216-01.pdf stratsec: http://www.stratsec.net/Research/Advisories/Procyon-Core-Server-HMI-Remote-Stack-Overflow OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 18:16:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 03:16:49 +0200 Subject: [SEC] [SA45920] SUSE update for squid3 Message-ID: <201109090116.p891GnSj016240@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SUSE update for squid3 SECUNIA ADVISORY ID: SA45920 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45920/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45920 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45920/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45920/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45920 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA45805 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1018-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00012.html SUSE-SU-2011:1019-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00013.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 18:52:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 03:52:19 +0200 Subject: [SEC] [SA45879] AM4SS Cross Site Request Forgery Vulnerability Message-ID: <201109090152.p891qJDb006714@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: AM4SS Cross Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA45879 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45879/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45879 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45879/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45879/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45879 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in AM4SS, which can be exploited by malicious people to conduct cross-site request forgery attacks. The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrator by tricking a logged in administrator into visiting a malicious web site. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Do not browse untrusted websites or follow untrusted links while logged in to the application. PROVIDED AND/OR DISCOVERED BY: red virus ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17800 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 19:22:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 04:22:08 +0200 Subject: [SEC] [SA45888] babelweb Supplementary Groups Weakness Message-ID: <201109090222.p892M8kC029783@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: babelweb Supplementary Groups Weakness SECUNIA ADVISORY ID: SA45888 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45888/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45888 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45888/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45888/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45888 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in babelweb, which can be exploited by malicious, local users to potentially perform certain actions with escalated privileges. The weakness is caused due to the application not properly dropping supplementary groups. The weakness is reported in version 0.2.2. Prior versions may also be affected. SOLUTION: Update to version 0.2.3. PROVIDED AND/OR DISCOVERED BY: The vendor credits Julien Cristau. ORIGINAL ADVISORY: https://github.com/kerneis/babelweb/commit/7194372fdaf1abed8ee6ce5f4a2f08e12d7c3e64 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 19:51:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 04:51:28 +0200 Subject: [SEC] [SA45911] Drupal Author Pane Module Security Bypass Weakness Message-ID: <201109090251.p892pSwI019959@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Drupal Author Pane Module Security Bypass Weakness SECUNIA ADVISORY ID: SA45911 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45911/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45911 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45911/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45911/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45911 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Author Pane module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to the module improperly verifying the "view all user locations" access permissions when displaying user locations through the Location module, which can be exploited to disclose the location of arbitrary users. Successful exploitation of this weakness requires that display of user locations is enabled within the module. The weakness is reported in versions prior to 6.x-2.2. SOLUTION: Update to version 6.x-2.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Tony Brooke (silentway) and Skispcs. ORIGINAL ADVISORY: SA-CONTRIB-2011-040: http://drupal.org/node/1272032 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 20:17:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 05:17:45 +0200 Subject: [SEC] [SA45903] SkaDate "tag" Cross-Site Scripting Vulnerability Message-ID: <201109090317.p893HjKE009975@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: SkaDate "tag" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45903 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45903/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45903 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45903/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45903/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45903 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sony has reported a vulnerability in SkaDate, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tag" parameter to member/blogs.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 8.0.2400. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Sony ORIGINAL ADVISORY: http://st2tea.blogspot.com/2011/09/skadate-blogs-cross-site-scripting.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 20:51:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 05:51:04 +0200 Subject: [SEC] [SA45883] Cisco Nexus Series Switches ACL Deny Statement Security Bypass Security Issue Message-ID: <201109090351.p893p4uH032748@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Cisco Nexus Series Switches ACL Deny Statement Security Bypass Security Issue SECUNIA ADVISORY ID: SA45883 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45883/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45883 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45883/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45883/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45883 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in Cisco NX-OS, which can be exploited by malicious people to bypass certain security restrictions. The security issue is caused due to an error when a remark is configured before a deny statement on an ACL and can be exploited to bypass deny statements. The security issue is reported in the following products: * Cisco Nexus 3000 Series Switches versions prior to 5.0(3)U1(2a) or 5.0(3)U2(1) * Cisco Nexus 5000 Series Switches versions prior to 5.0(3)N2(1) SOLUTION: Apply update. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110907-nexus.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 21:17:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 06:17:14 +0200 Subject: [SEC] [SA45873] WordPress Community Events Plugin "id" Cross-Site Scripting and SQL Injection Vulnerabilities Message-ID: <201109090417.p894HEhb022774@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: WordPress Community Events Plugin "id" Cross-Site Scripting and SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA45873 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45873/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45873 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45873/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45873/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45873 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered two vulnerabilities in the Community Events plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Input passed via the "id" parameter to wp-content/plugins/community-events/tracker.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed via the "id" parameter to wp-content/plugins/community-events/tracker.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 1.2.2. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: http://unconciousmind.blogspot.com/2011/09/wordpress-community-events-plugin-121.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 8 21:51:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 06:51:37 +0200 Subject: [SEC] [SA45895] Avaya Contact Recording and Quality Monitoring Buffer Overflow Vulnerability Message-ID: <201109090451.p894pbaA013213@CRON-IX-2.intnet> ---------------------------------------------------------------------- The Secunia CSI 5.0 Beta - now available for testing Find out more, take a free test drive, and share your opinion with us: http://secunia.com/blog/242 ---------------------------------------------------------------------- TITLE: Avaya Contact Recording and Quality Monitoring Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45895 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45895/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45895 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45895/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45895/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45895 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Avaya Contact Recording and Quality Monitoring, which can be exploited by malicious people to compromise a vulnerable system. The application bundles a vulnerable version of Witness Systems eQuality. For more information: SA45842 The vulnerability is reported in version 7.0.3.27. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: AbdulAziz Hariri, ThirdEyeTesters via ZDI. ORIGINAL ADVISORY: http://www.zerodayinitiative.com/advisories/ZDI-11-279/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 10:38:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 19:38:25 +0200 Subject: [SEC] [SA45955] LightNEasy Multiple Script Insertion Vulnerabilities Message-ID: <201109091738.p89HcP8S003754@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: LightNEasy Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA45955 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45955/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45955 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45955/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45955/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45955 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered multiple vulnerabilities in LightNEasy, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the "commentname", "commentemail", and "commentmessage" POST parameters to LightNEasy.php (when "submit" is set to "sendcomment" and "page" is set to "news") is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are confirmed in version 3.2.4. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: http://www.rul3z.de/advisories/SSCHADV2011-013.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 11:41:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 20:41:03 +0200 Subject: [SEC] [SA45942] Spring Framework Multiple Vulnerabilities Message-ID: <201109091841.p89If32d028088@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Spring Framework Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45942 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45942/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45942 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45942/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45942/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45942 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in the Spring Framework, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. 1) Various errors related to the deserialisation of objects can be exploited to e.g. execute arbitrary commands or bypass authentication mechanisms. 2) An error related to the evaluation of Expression Language (EL) in MVC tags and containers supporting EL can be exploited to e.g. disclose classpaths and working directories or session IDs by injecting EL statements. This vulnerabilities are reported in version 3.0.0 to 3.0.5. SOLUTION: Update to version 3.0.6 PROVIDED AND/OR DISCOVERED BY: 1) The vendor credits Wouter Coekaerts. 2) Stefano Di Paola, Minded Security and Arshan Dabirsiaghi, Aspect Security ORIGINAL ADVISORY: http://www.springsource.com/security/cve-2011-2894 http://www.springsource.com/security/cve-2011-2730 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 12:39:31 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 21:39:31 +0200 Subject: [SEC] [SA45957] Spring Framework Expression Language Injection Vulnerability Message-ID: <201109091939.p89JdVZQ019788@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Spring Framework Expression Language Injection Vulnerability SECUNIA ADVISORY ID: SA45957 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45957/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45957 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45957/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45957/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45957 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Spring Framework, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the handling of the Expression Language. For more information see vulnerability #2 in: SA45942 The vulnerability is reported in versions 2.5.0 to 2.5.6.SEC02 (community releases) and 2.5.0 to 2.5.7.SR01 (subscription customers). SOLUTION: Update to version 2.5.6.SEC03 onwards (community releases) and 2.5.7.SR02 (subscription customers). ORIGINAL ADVISORY: http://www.springsource.com/security/cve-2011-2730 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 13:39:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 22:39:10 +0200 Subject: [SEC] [SA45958] Spring Security Multiple Vulnerabilities Message-ID: <201109092039.p89KdAj5011545@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Spring Security Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45958 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45958/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45958 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45958/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45958/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45958 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Spring Security, which can be exploited by malicious people to gain escalated privileges, conduct HTTP header injection attacks, and bypass certain security restrictions. 1) Various errors related to the deserialisation of objects can be exploited to bypass the authentication mechanism by sending a specially crafted proxy instance to a vulnerable server. This is related to vulnerability #1 in: SA45942 2) A race condition within the RunAsManager implementation can be exploited to run threads with escalated privileges. 3) Input passed via the redirection parameter ("spring-security-redirect" by default) is not properly sanitised before being used in a HTTP response. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site. SOLUTION: Update to version 2.0.7 or 3.0.6. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Wouter Coekaerts 2) Rob Winch 3) David Mas ORIGINAL ADVISORY: http://www.springsource.com/security/cve-2011-2894 http://www.springsource.com/security/cve-2011-2731 http://www.springsource.com/security/cve-2011-2732 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 14:31:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 9 Sep 2011 23:31:53 +0200 Subject: [SEC] [SA45877] librsvg Node Type Handling Vulnerability Message-ID: <201109092131.p89LVrb5002962@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: librsvg Node Type Handling Vulnerability SECUNIA ADVISORY ID: SA45877 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45877/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45877 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45877/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45877/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45877 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in librsvg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. The vulnerability is caused due to an error within the handling of node types, which can be exploited to dereference invalid memory via specially crafted SVG images. The vulnerability is reported in versions prior to 2.34.1. SOLUTION: Update to version 2.34.1. PROVIDED AND/OR DISCOVERED BY: Ubuntu credits Sauli Pahlman. ORIGINAL ADVISORY: http://ftp.gnome.org/pub/GNOME/sources/librsvg/2.34/librsvg-2.34.1.news https://bugzilla.gnome.org/show_bug.cgi?id=658014 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 15:04:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 00:04:53 +0200 Subject: [SEC] [SA45886] Qemu "scsi_disk_emulate_command()" Denial of Service Weakness Message-ID: <201109092204.p89M4r2V025810@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Qemu "scsi_disk_emulate_command()" Denial of Service Weakness SECUNIA ADVISORY ID: SA45886 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45886/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45886 RELEASE DATE: 2011-09-09 DISCUSS ADVISORY: http://secunia.com/advisories/45886/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45886/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45886 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Qemu, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service). The weakness is caused due to a boundary error within the "scsi_disk_emulate_command()" function (hw/scsi-disk.c) of the SCSI subsystem and can be exploited to cause a buffer overflow and crash a guest by e.g. sending a specially crafted "READ CAPACITY" command. SOLUTION: Restrict access to trusted users. PROVIDED AND/OR DISCOVERED BY: Red Hat credits Paolo Bonzini. ORIGINAL ADVISORY: Red Hat bug #736038: https://bugzilla.redhat.com/show_bug.cgi?id=736038 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 15:30:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 00:30:53 +0200 Subject: [SEC] [SA45853] TYPO3 Font resizer Extension URL Redirection Weakness Message-ID: <201109092230.p89MUrtH015893@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 Font resizer Extension URL Redirection Weakness SECUNIA ADVISORY ID: SA45853 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45853/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45853 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45853/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45853/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45853 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in the Font resizer extension for TYPO3, which can be exploited by malicious people to conduct spoofing attacks. Unspecified input via the URL is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain. The weakness is reported in version 2.0.2 and prior. SOLUTION: Update to version 2.0.3. PROVIDED AND/OR DISCOVERED BY: Georg Ringer, TYPO3 Security Team ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-006: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-006/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 15:54:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 00:54:39 +0200 Subject: [SEC] [SA45943] SUSE update for pure-ftpd Message-ID: <201109092254.p89MsdbS005822@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: SUSE update for pure-ftpd SECUNIA ADVISORY ID: SA45943 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45943/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45943 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45943/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45943/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45943 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for pure-ftpd. This fixes a vulnerability, which can be exploited by malicious, local users and malicious people to manipulate certain data. Input passed via the username during the authentication process is not properly sanitised before being used and can be exploited to create arbitrary directories via directory traversal sequences. NOTE: Malicious, local users can further exploit this to overwrite arbitrary files via symlink attacks. SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1028-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00015.html SUSE-SU-2011:1029-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00016.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 16:18:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 01:18:10 +0200 Subject: [SEC] [SA45948] Fedora update for pl Message-ID: <201109092318.p89NIAeO028202@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for pl SECUNIA ADVISORY ID: SA45948 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45948/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45948 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45948/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45948/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45948 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for pl. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA45900 SOLUTION: Apply updated packages via the yum utility ("yum update pl"). ORIGINAL ADVISORY: FEDORA-2011-11318: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065539.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 16:53:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 01:53:35 +0200 Subject: [SEC] [SA45947] TYPO3 Direct Mail Subscription Extension Two Vulnerabilities Message-ID: <201109092353.p89NrZ5F018753@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 Direct Mail Subscription Extension Two Vulnerabilities SECUNIA ADVISORY ID: SA45947 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45947/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45947 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45947/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45947/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45947 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Direct Mail Subscription extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. 1) Certain unspecified input is not properly sanitised in pi/class.dmailsubscribe.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Certain unspecified input is not properly sanitised in pi/class.dmailsubscribe.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.1.0 and prior. SOLUTION: Update to version 1.1.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-007: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-007/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 17:20:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 02:20:10 +0200 Subject: [SEC] [SA45945] Fedora update for cups Message-ID: <201109100020.p8A0KAwe008837@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for cups SECUNIA ADVISORY ID: SA45945 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45945/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45945 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45945/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45945/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45945 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA45713 SOLUTION: Apply updated packages via the yum utility ("yum update cups"). ORIGINAL ADVISORY: FEDORA-2011-11221: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065550.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 17:51:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 02:51:36 +0200 Subject: [SEC] [SA45923] TYPO3 MailformPlus Extension Cross-Site Scripting Vulnerability Message-ID: <201109100051.p8A0pavW031608@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 MailformPlus Extension Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45923 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45923/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45923 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45923/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45923/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45923 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the MailformPlus extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in version 4.0.15 and prior. SOLUTION: Update to version 4.0.16 and the vendor recommends to switch to the follow-up extension "formhandler" due to end of maintenance. PROVIDED AND/OR DISCOVERED BY: The TYPO3 Security Team credits Martin Ficzel. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-009: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-009/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 18:17:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 03:17:03 +0200 Subject: [SEC] [SA45928] Red Hat update for Red Hat Enterprise MRG Message-ID: <201109100117.p8A1H3Ot021656@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Red Hat update for Red Hat Enterprise MRG SECUNIA ADVISORY ID: SA45928 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45928/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45928 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45928/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45928/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45928 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for Red Hat Enterprise MRG. This fixes a security issue, which can be exploited by malicious, local users to disclose potentially sensitive information. For more information: SA45887 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1249-1: https://rhn.redhat.com/errata/RHSA-2011-1249.html RHSA-2011:1250-1: https://rhn.redhat.com/errata/RHSA-2011-1250.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 18:52:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 03:52:11 +0200 Subject: [SEC] [SA45900] SWI-Prolog XPCE Component "LZWReadByte()" Buffer Overflow Vulnerability Message-ID: <201109100152.p8A1qBOd012195@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: SWI-Prolog XPCE Component "LZWReadByte()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45900 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45900/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45900 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45900/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45900/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45900 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in SWI-Prolog, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the XPCE component within the "LZWReadByte()" function (img/gifread.c) and can be exploited to cause a buffer overflow via specially crafted GIF images. The vulnerability is reported in version 5.10.2. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Red Hat Security Response Team ORIGINAL ADVISORY: SWI-Prolog: http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c4 http://www.swi-prolog.org/git/packages/xpce.git/commitdiff/bb328029beb148691edc031d9db9cf0a503c8247 http://www.swi-prolog.org/git/packages/xpce.git/commitdiff/30fbc4e030cbef5871e1b96c31458116ce3e2ee8 Red Hat: https://bugzilla.redhat.com/show_bug.cgi?id=727800 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 19:24:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 04:24:05 +0200 Subject: [SEC] [SA45931] WordPress WP-Filebase Plugin "base" SQL Injection Vulnerability Message-ID: <201109100224.p8A2O5xn003042@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress WP-Filebase Plugin "base" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45931 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45931/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45931 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45931/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45931/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45931 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered a vulnerability in the WP-Filebase plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "base" parameter to wp-content/plugins/wp-filebase/wpfb-ajax.php (when "action" is set to "tree") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 0.2.9. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: http://unconciousmind.blogspot.com/2011/09/wordpress-wp-filebase-download-manager.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 19:50:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 04:50:32 +0200 Subject: [SEC] [SA45905] Embarcadero ER/Studio Portal Tom Sawyer ActiveX Control Memory Corruption Vulnerability Message-ID: <201109100250.p8A2oWB2025576@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Embarcadero ER/Studio Portal Tom Sawyer ActiveX Control Memory Corruption Vulnerability SECUNIA ADVISORY ID: SA45905 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45905/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45905 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45905/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45905/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45905 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: rgod has reported a vulnerability in Embarcadero ER/Studio Portal, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the Tom Sawyer GET Extension Factory ActiveX control. For more information: SA44844 The vulnerability is reported in version 1.6. Other versions may also be affected. SOLUTION: Update to version 1.6.1. PROVIDED AND/OR DISCOVERED BY: rgod ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/bugtraq/2011-09/0050.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 20:14:16 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 05:14:16 +0200 Subject: [SEC] [SA45926] Debian update for bcfg2 Message-ID: <201109100314.p8A3EGVp015542@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Debian update for bcfg2 SECUNIA ADVISORY ID: SA45926 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45926/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45926 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45926/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45926/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45926 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for bcfg2. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA45807 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2302-1: http://www.debian.org/security/2011/dsa-2302 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 20:49:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 05:49:52 +0200 Subject: [SEC] [SA45946] TYPO3 phpMyAdmin Extension Multiple Script Insertion Vulnerabilities Message-ID: <201109100349.p8A3nqIL006113@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 phpMyAdmin Extension Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA45946 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45946/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45946 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45946/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45946/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45946 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA45709 The vulnerabilities are reported in versions 4.11.2 and prior. SOLUTION: Update to version 4.11.3. PROVIDED AND/OR DISCOVERED BY: The vendor of the standalone version of phpMyAdmin credits Norman Hippert, The-Wildcat.de. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-005: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-005/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 21:15:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 06:15:10 +0200 Subject: [SEC] [SA45934] WordPress PhotoSmash Plugin "action" Cross-Site Scripting Vulnerability Message-ID: <201109100415.p8A4FAkk028568@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress PhotoSmash Plugin "action" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45934 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45934/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45934 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45934/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45934/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45934 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered a vulnerability in the PhotoSmash plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "action" parameter to wp-content/plugins/photosmash-galleries/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.0.2. Prior versions may also be affected. SOLUTION: Update to version 1.0.5 or later. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: PhotoSmash: http://wordpress.org/extend/plugins/photosmash-galleries/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=349566%40photosmash-galleries&old=347962%40photosmash-galleries HTB22867: https://www.htbridge.ch/advisory/xss_in_photosmash_wordpress_plugin.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 21:48:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 06:48:41 +0200 Subject: [SEC] [SA45859] SUSE update for opera Message-ID: <201109100448.p8A4mfhp019044@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: SUSE update for opera SECUNIA ADVISORY ID: SA45859 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45859/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45859 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45859/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45859/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45859 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for opera. This fixes two vulnerabilities, where one has unknown impacts and the other one can be exploited by malicious people to bypass certain security features. For more information: SA45791 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: openSUSE-SU-2011:1025-1: http://lists.opensuse.org/opensuse-updates/2011-09/msg00016.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Fri Sep 9 22:14:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 07:14:15 +0200 Subject: [SEC] [SA45938] Cyrus IMAPd "split_wildmats()" Buffer Overflow Vulnerability Message-ID: <201109100514.p8A5EFkc009096@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cyrus IMAPd "split_wildmats()" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45938 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45938/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45938 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45938/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45938/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45938 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cyrus IMAPd, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to a boundary error within the "split_wildmats()" function (imap/nntpd.c) and can be exploited to cause a stack-based buffer overflow by sending specially crafted NNTP commands to a vulnerable server. The vulnerability is reported in versions prior to 2.3.17 and 2.4.11. SOLUTION: Update to versions 2.3.17 and 2.4.11. PROVIDED AND/OR DISCOVERED BY: Red Hat credits Greg Banks. ORIGINAL ADVISORY: http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=199 http://asg.andrew.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=200 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Sep 10 10:35:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 19:35:43 +0200 Subject: [SEC] [SA45927] Wireshark Multiple Vulnerabilities Message-ID: <201109101735.p8AHZhKv003193@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Wireshark Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45927 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45927/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45927 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45927/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45927/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45927 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system. 1) An error within the processing of certain IKE packets can be exploited to cause an infinite loop leading to e.g. a high resource consumption and crashes. 2) An unspecified error related to Lua scripts can be exploited to execute arbitrary Lua scripts via vectors similar to "DLL hijacking". 3) An error related to an uninitialised variable within the CSN.1 dissector can be exploited to cause a crash. Note: This vulnerability only affects versions 1.6.0 to 1.6.1. Additionally, an error within the buffer exception handling can result in a crash when opening a malformed packet trace file. SOLUTION: Update to versions 1.4.9 or 1.6.2. PROVIDED AND/OR DISCOVERED BY: 1) Penetration test team of NCNIPC (China) 2, 3) Reported by the vendor. ORIGINAL ADVISORY: http://www.wireshark.org/security/wnpa-sec-2011-13.html http://www.wireshark.org/security/wnpa-sec-2011-14.html http://www.wireshark.org/security/wnpa-sec-2011-15.html http://www.wireshark.org/security/wnpa-sec-2011-16.html http://archives.neohapsis.com/archives/bugtraq/2011-07/0079.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Sep 10 11:36:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 20:36:51 +0200 Subject: [SEC] [SA45030] TYPO3 SmoothGallery Extension Two Vulnerabilities Message-ID: <201109101836.p8AIap6N027523@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 SmoothGallery Extension Two Vulnerabilities SECUNIA ADVISORY ID: SA45030 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45030/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45030 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45030/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45030/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45030 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in the SmoothGallery extension for TYPO3, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An unspecified error can be exploited to disclose arbitrary files. Currently there is no further information available. The vulnerabilities are reported in version 1.5.1 and prior. SOLUTION: Update to version 1.5.2. PROVIDED AND/OR DISCOVERED BY: Helmut Hummel and Dmitry Dulepov, TYPO3 Security Team ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-008: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-008/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Sep 10 12:38:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 21:38:08 +0200 Subject: [SEC] [SA45954] HP-UX Apache Web Server Suite Two Denial of Service Vulnerabilities Message-ID: <201109101938.p8AJc8gJ019438@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: HP-UX Apache Web Server Suite Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA45954 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45954/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45954 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45954/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45954/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45954 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: HP has acknowledged two vulnerabilities in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA44574 SA45606 The vulnerabilities are reported in the following versions: * HP-UX B.11.23 and B.11.31 running HP-UX Apache Web Server Suite version 3.18 containing Apache v2.2.15.08 or prior. * HP-UX B.11.11, B.11.23, and B.11.31 running HP-UX Apache Web Server Suite version 2.33 containing Apache v2.0.64.01 or prior. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: HPSBUX02702 SSRT100606: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c02997184 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Sep 10 13:37:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 22:37:30 +0200 Subject: [SEC] [SA45935] Megalith Authentication Security Bypass Vulnerability Message-ID: <201109102037.p8AKbUDM011237@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Megalith Authentication Security Bypass Vulnerability SECUNIA ADVISORY ID: SA45935 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45935/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45935 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45935/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45935/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45935 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Megalith, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an unspecified error within the authentication mechanism and can be exploited to gain administrative privileges. SOLUTION: Update to the latest version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: JVN credits Dr. Chuan Guanglunshan. ORIGINAL ADVISORY: Megalith: http://9.dotpp.net/software/megalith/JVN45458289/ JVN: http://jvn.jp/jp/JVN45458289/index.html http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000073.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Sep 10 14:31:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sat, 10 Sep 2011 23:31:41 +0200 Subject: [SEC] [SA45908] Fedora update for perl-Data-FormValidator Message-ID: <201109102131.p8ALVfJF002784@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for perl-Data-FormValidator SECUNIA ADVISORY ID: SA45908 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45908/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45908 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45908/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45908/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45908 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for perl-Data-FormValidator. This fixes a security issue, which can be exploited by malicious people to disclose potentially sensitive information and bypass certain security restrictions. For more information: SA44832 SOLUTION: Apply updated packages via the yum utility ("yum update perl-Data-FormValidator"). ORIGINAL ADVISORY: FEDORA-2011-11805: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065478.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Sep 10 15:03:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Sep 2011 00:03:54 +0200 Subject: [SEC] [SA45870] Quassel IRC Core CTCP Processing Denial of Service Vulnerability Message-ID: <201109102203.p8AM3sLX025677@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Quassel IRC Core CTCP Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45870 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45870/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45870 RELEASE DATE: 2011-09-10 DISCUSS ADVISORY: http://secunia.com/advisories/45870/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45870/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45870 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Quassel IRC, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the "CtcpParser::packedReply()" method (src/core/ctcpparser.cpp) when processing Client-To-Client Protocol (CTCP) messages. This can be exploited to crash the central core process resulting in loss of IRC service for distributed clients. The vulnerability is reported in version 0.7.2. Other versions may also be affected. SOLUTION: Fixed in the GIT repository. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://bugs.quassel-irc.org/issues/1095 http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Sat Sep 10 15:30:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Sun, 11 Sep 2011 00:30:25 +0200 Subject: [SEC] [SA45933] Debian update for linux-2.6 Message-ID: <201109102230.p8AMUPa7015834@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Debian update for linux-2.6 SECUNIA ADVISORY ID: SA45933 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45933/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45933 RELEASE DATE: 2011-09-11 DISCUSS ADVISORY: http://secunia.com/advisories/45933/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45933/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45933 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for linux-2.6. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA40205 SA44094 SA44466 SA44754 SA45420 SA45489 SA45533 SA45695 1) A vulnerability related to VLAN GRO_DROP and the "napi_reuse_skb()" function can be exploited to cause a DoS by sending specially crafted packets. SOLUTION: Apply updated packages via the apt-get package manager. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: DSA-2303-1: http://lists.debian.org/debian-security-announce/2011/msg00179.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 10:36:15 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Sep 2011 19:36:15 +0200 Subject: [SEC] [SA45964] Debian update for ffmpeg Message-ID: <201109121736.p8CHaFjm007120@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Debian update for ffmpeg SECUNIA ADVISORY ID: SA45964 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45964/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45964 RELEASE DATE: 2011-09-12 DISCUSS ADVISORY: http://secunia.com/advisories/45964/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45964/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45964 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for ffmpeg. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise an application using the library. For more information: SA41626 SA43197 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2306-1: http://www.debian.org/security/2011/dsa-2306 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 11:34:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Sep 2011 20:34:44 +0200 Subject: [SEC] [SA44722] ACDSee FotoSlate PLP File Processing Buffer Overflow Vulnerability Message-ID: <201109121834.p8CIYiI4031461@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: ACDSee FotoSlate PLP File Processing Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA44722 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44722/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44722 RELEASE DATE: 2011-09-12 DISCUSS ADVISORY: http://secunia.com/advisories/44722/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44722/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44722 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Parvez Anwar has discovered a vulnerability in ACDSee FotoSlate, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when processing the "id" parameter of a "" or "" tag in a FotoSlate Project (PLP) file. This can be exploited to cause a stack-based buffer overflow via an overly long string assigned to the parameter. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 4.0 Build 146. Other versions may also be affected. SOLUTION: Do not open PLP files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: Parvez Anwar via Secunia. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 12:34:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Sep 2011 21:34:21 +0200 Subject: [SEC] [SA45937] Cisco SAN-OS HTTP Server ByteRange Filter Denial of Service Vulnerability Message-ID: <201109121934.p8CJYLFH023421@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco SAN-OS HTTP Server ByteRange Filter Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45937 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45937/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45937 RELEASE DATE: 2011-09-12 DISCUSS ADVISORY: http://secunia.com/advisories/45937/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45937/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45937 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Cisco has acknowledged a vulnerability in Cisco SAN-OS, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45606 The vulnerability is reported in versions 3.x. SOLUTION: Restrict access to trusted hosts only. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110830-apache.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 13:33:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Sep 2011 22:33:52 +0200 Subject: [SEC] [SA45959] WordPress Easy Comment Uploads Plugin Arbitrary File Upload Vulnerability Message-ID: <201109122033.p8CKXqCc015374@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Easy Comment Uploads Plugin Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45959 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45959/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45959 RELEASE DATE: 2011-09-12 DISCUSS ADVISORY: http://secunia.com/advisories/45959/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45959/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45959 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Easy Comment Uploads plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to the wp-content/plugins/easy-comment-uploads/upload.php script not properly verifying uploaded file types. This can be exploited to upload a PHTML file and execute arbitrary PHP code. The vulnerability is confirmed in version 0.61. Prior versions may also be affected. SOLUTION: Update to version 0.70 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Easy Comment Uploads: http://wordpress.org/extend/plugins/easy-comment-uploads/changelog/ http://plugins.trac.wordpress.org/changeset/433370/easy-comment-uploads/trunk/main.php?old=417432&old_path=easy-comment-uploads%2Ftrunk%2Fmain.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 14:28:05 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Sep 2011 23:28:05 +0200 Subject: [SEC] [SA45956] Fedora update for openssl Message-ID: <201109122128.p8CLS5lO007071@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for openssl SECUNIA ADVISORY ID: SA45956 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45956/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45956 RELEASE DATE: 2011-09-12 DISCUSS ADVISORY: http://secunia.com/advisories/45956/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45956/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45956 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. For more information see vulnerability #1: SA45781 SOLUTION: Apply updated packages via the yum utility ("yum update openssl"). ORIGINAL ADVISORY: FEDORA-2011-12281: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065712.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 14:49:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Mon, 12 Sep 2011 23:49:56 +0200 Subject: [SEC] [SA45965] Debian update for squid3 Message-ID: <201109122149.p8CLnueX029530@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Debian update for squid3 SECUNIA ADVISORY ID: SA45965 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45965/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45965 RELEASE DATE: 2011-09-12 DISCUSS ADVISORY: http://secunia.com/advisories/45965/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45965/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45965 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for squid3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. For more information: SA45805 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2304-1: http://www.debian.org/security/2011/dsa-2304 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 15:15:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 00:15:44 +0200 Subject: [SEC] [SA45876] TYPO3 WEC Staff Directory Extension Arbitrary File Upload Vulnerability Message-ID: <201109122215.p8CMFiQP019781@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 WEC Staff Directory Extension Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA45876 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45876/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45876 RELEASE DATE: 2011-09-12 DISCUSS ADVISORY: http://secunia.com/advisories/45876/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45876/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45876 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the WEC Staff Directory extension for TYPO3, which can be exploited by malicious users to compromise a vulnerable system. The vulnerability is caused due to an unspecified error, which can be exploited to e.g. upload arbitrary PHP files. The vulnerability is reported in version 2.1.1 and prior. SOLUTION: Update to version 2.1.2. PROVIDED AND/OR DISCOVERED BY: The TYPO3 Security Team credits David Denicol?. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-006: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-006/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 15:51:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 00:51:19 +0200 Subject: [SEC] [SA45963] Debian update for chromium-browser Message-ID: <201109122251.p8CMpJsQ010505@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Debian update for chromium-browser SECUNIA ADVISORY ID: SA45963 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45963/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45963 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45963/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45963/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45963 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for chromium-browser. This fixes multiple vulnerabilities, where some have an unknown impact while others can be exploited by malicious people to disclose sensitive information and compromise a user's system. For more information: SA45498 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2307-1: http://www.debian.org/security/2011/dsa-2307 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 16:19:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 01:19:29 +0200 Subject: [SEC] [SA45970] Ubuntu update for quassel Message-ID: <201109122319.p8CNJTVd000827@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for quassel SECUNIA ADVISORY ID: SA45970 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45970/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45970 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45970/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45970/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45970 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for quassel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45870 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1200-1: http://www.ubuntu.com/usn/usn-1200-1 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 16:58:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 01:58:21 +0200 Subject: [SEC] [SA45939] Django Multiple Vulnerabilities Message-ID: <201109122358.p8CNwL79024201@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Django Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45939 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45939/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45939 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45939/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45939/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45939 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in Django, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service). 1) An error within the handling of sessions within django.contrib.sessions when using the caching backend can be exploited to manipulate session information. Successful exploitation requires that the session key is known and the application allows attackers to store dictionary-like objects with a valid session key in the cache. 2) An error when verifying if URLs provided to the "URLField" field type correctly resolve can be exploited to exhaust all of the server's processes and memory by providing an URL to a malicious server. 3) An error within the handling of redirect responses when verifying URLs provided to the "URLField" field type can be exploited to e.g. determine the existence of local files on the server by returning a redirect response to a "file://" URL. 4) An error within the handling of the "X-Forwarded-Host" HTTP header when e.g. generating full URLs for redirect responses can be exploited to conduct cache poisoning attacks. The vulnerabilities are reported in Django 1.2.x prior to version 1.2.7 and version 1.3. SOLUTION: Apply patches or update to version 1.2.7 or 1.3.1. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1, 2, 3) Paul McMillan 4) Reported by the vendor. ORIGINAL ADVISORY: https://www.djangoproject.com/weblog/2011/sep/09/security-releases-issued/ https://www.djangoproject.com/weblog/2011/sep/10/127/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 17:32:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 02:32:27 +0200 Subject: [SEC] [SA45952] IBM Tivoli Security Information and Event Manager Custom Reports Cross-Site Scripting Vulnerability Message-ID: <201109130032.p8D0WR8E014870@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: IBM Tivoli Security Information and Event Manager Custom Reports Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45952 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45952/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45952 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45952/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45952/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45952 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM Tivoli Security Information and Event Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input passed to custom reports is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply fix pack 2.0.0-TIV-TSIEM-FP006 or hot fix 2.0.0-TIV-TSIEM-FIX00614 when available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Mon Sep 12 18:09:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 03:09:12 +0200 Subject: [SEC] [SA45960] Fedora update for avahi Message-ID: <201109130109.p8D19CgL005659@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for avahi SECUNIA ADVISORY ID: SA45960 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45960/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45960 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45960/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45960/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45960 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA43361 SOLUTION: Apply updated packages via the yum utility ("yum update avahi"). ORIGINAL ADVISORY: FEDORA-2011-11588: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065686.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 10:36:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 19:36:54 +0200 Subject: [SEC] [SA45944] MyAuth "pass" SQL Injection Vulnerability Message-ID: <201109131736.p8DHasic012862@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: MyAuth "pass" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45944 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45944/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45944 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45944/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45944/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45944 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in MyAuth, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "pass" parameter to index.php (when "console" is set to "panel" and "panel_cmd" is set to "auth") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows bypassing the authentication mechanism. The vulnerability is reported in version 3.0. Prior versions may also be affected. SOLUTION: Apply fix. Please contact the vendor for more information. PROVIDED AND/OR DISCOVERED BY: Marcio Almeida ORIGINAL ADVISORY: http://packetstormsecurity.org/files/view/104935/myauth-sql.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 11:39:35 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 20:39:35 +0200 Subject: [SEC] [SA45968] DAQFactory NETB Datagram Parsing Buffer Overflow Vulnerabilities Message-ID: <201109131839.p8DIdZSx004971@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: DAQFactory NETB Datagram Parsing Buffer Overflow Vulnerabilities SECUNIA ADVISORY ID: SA45968 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45968/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45968 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45968/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45968/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45968 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered two vulnerabilities in DAQFactory, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities are caused due to boundary errors when logging client details for received NETB datagrams and can be exploited to cause stack-based buffer overflows via an overly large, specially crafted datagram sent to UDP port 20034. Successful exploitation allows execution of arbitrary code. The vulnerabilities are confirmed in version 5.85 build 1853. Other versions may also be affected. SOLUTION: No effective workaround is currently available. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/daqfactory_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 12:40:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 21:40:02 +0200 Subject: [SEC] [SA45020] Microsoft Office Insecure Library Loading and Uninitialised Object Pointer Vulnerabilities Message-ID: <201109131940.p8DJe29P029381@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Microsoft Office Insecure Library Loading and Uninitialised Object Pointer Vulnerabilities SECUNIA ADVISORY ID: SA45020 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45020/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45020 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45020/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45020/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45020 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system. 1) The vulnerability is caused due to MSO.DLL loading libraries (e.g. ".dll") in an insecure manner when attempting to validate an opened file. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a PPT file located on a remote WebDAV or SMB share. 2) An error when parsing unspecified data can be exploited to dereference an uninitialised value as an object pointer via e.g. a specially crafted Word document. Successful exploitation of the vulnerabilities allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Parvez Anwar via Secunia 2) The vendor credits David Warren, CERT/CC. ORIGINAL ADVISORY: MS11-073 (KB2587634, KB2584052, KB2584063, KB2584066): http://technet.microsoft.com/en-us/security/bulletin/ms11-073 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 14:24:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 23:24:41 +0200 Subject: [SEC] [SA45910] Microsoft Windows Insecure Library Loading Vulnerability Message-ID: <201109132124.p8DLOfhM021516@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Microsoft Windows Insecure Library Loading Vulnerability SECUNIA ADVISORY ID: SA45910 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45910/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45910 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45910/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45910/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45910 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to various components loading certain libraries in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into e.g. opening a text (.txt), rich-text format (.rtf), or Word document (.doc) file located on a remote WebDAV or SMB share. Successful exploitation allows execution of arbitrary code. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: MS11-071 (KB2570947): http://technet.microsoft.com/en-us/security/bulletin/ms11-071 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 14:24:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 23:24:33 +0200 Subject: [SEC] [SA46008] Microsoft SharePoint XML / XSL Processing File Disclosure Vulnerability Message-ID: <201109132124.p8DLOX1I021332@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Microsoft SharePoint XML / XSL Processing File Disclosure Vulnerability SECUNIA ADVISORY ID: SA46008 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46008/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46008 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/46008/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46008/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46008 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Microsoft SharePoint, which can be exploited by malicious users to disclose potentially sensitive information. The vulnerability is caused due to an error when parsing certain XML or XSL files and can be exploited to disclose the contents of an arbitrary file. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Gr?goire, Agarri. ORIGINAL ADVISORY: MS11-074 (KB2493987, KB2494001, KB2494022, KB2508964, KB2508965, KB2552998, KB2552999, KB2553001, KB2553002, KB2553003, KB2553005, KB2560885, KB2566449, KB2566450, KB2566456, KB2566954, KB2566958, KB2566960): http://technet.microsoft.com/en-us/security/bulletin/ms11-074 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 14:24:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 23:24:46 +0200 Subject: [SEC] [SA45932] Microsoft Office Excel Multiple Vulnerabilities Message-ID: <201109132124.p8DLOkpe021655@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Microsoft Office Excel Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45932 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45932/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45932 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45932/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45932/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45932 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft Office Excel, which can be exploited by malicious people to compromise a user's system. 1) A use-after-free error when parsing unspecified data can be exploited to dereference already freed memory. 2) An array-indexing error when parsing unspecified data can be exploited to corrupt memory. 3) An error when parsing unspecified data can be exploited to corrupt heap-based memory. 4) An unspecified error when parsing a particular type of conditional expression can be exploited to corrupt memory. 5) A signedness error when parsing unspecified data can be exploited to corrupt memory. Successful exploitation of the vulnerabilities allows execution of arbitrary code via specially crafted Excel files. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) An anonymous person via iDefense 2) Sean Larsson, VeriSign iDefense Labs 3) An anonymous person via iDefense 4) An anonymous person via ZDI 5) Omair via ZDI ORIGINAL ADVISORY: MS11-072 (KB2553070, KB2553072, KB2553073, KB2553074, KB2553075, KB2553095, KB2553096, KB2553089, KB2553090, KB2553091, KB2553093, KB2553094, KB2587505, KB2598781, KB2598782, KB2598783, KB2598785): http://technet.microsoft.com/en-us/security/bulletin/ms11-072 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 14:24:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 23:24:44 +0200 Subject: [SEC] [SA45915] Microsoft SharePoint Cross-Site Scripting and Script Insertion Vulnerabilities Message-ID: <201109132124.p8DLOipN021613@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Microsoft SharePoint Cross-Site Scripting and Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA45915 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45915/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45915 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45915/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45915/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45915 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Microsoft SharePoint, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks. 1) Input passed via the URL is not properly sanitised within the SharePoint Calendar before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) Input passed to the SafeHTML function is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed to EditForm.aspx is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 4) Input passed via Contact details is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. SOLUTION: Apply patches. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Andrew Connell, Critical Path Training, LLC and David Feldman, Raytheon. 2) Adi Cohen, IBM Rational Application Security. 3) Pedro Jimenez, ITT. 4) Seeker. 5) Jim LaValley, LaValley Consulting, LLC. ORIGINAL ADVISORY: MS11-074 (KB2493987, KB2494001, KB2494007, KB2494022, KB2508964, KB2508965, KB2552998, KB2552999, KB2553001, KB2553002, KB2553003, KB2553005, KB2560885, KB2566449, KB2566450, KB2566456, KB2566954, KB2566958, KB2566960): http://technet.microsoft.com/en-us/security/bulletin/ms11-074 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 14:50:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Tue, 13 Sep 2011 23:50:44 +0200 Subject: [SEC] [SA45994] Red Hat update for kernel-rt Message-ID: <201109132150.p8DLoikb013092@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Red Hat update for kernel-rt SECUNIA ADVISORY ID: SA45994 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45994/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45994 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/45994/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45994/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45994 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for kernel-rt. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system and potentially sensitive information, bypass certain security restrictions, conduct session hijacking attacks, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA41493 SA42964 SA43009 SA43496 SA43576 SA43594 SA44091 SA44094 SA44164 SA44220 SA44248 SA44466 SA44754 SA45193 SA45236 SA45253 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1253-01: https://rhn.redhat.com/errata/RHSA-2011-1253.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 15:16:18 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 00:16:18 +0200 Subject: [SEC] [SA46001] IBM WebSphere Application Server SAML Signature Wrapping Vulnerability Message-ID: <201109132216.p8DMGIav003294@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Application Server SAML Signature Wrapping Vulnerability SECUNIA ADVISORY ID: SA46001 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46001/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46001 RELEASE DATE: 2011-09-13 DISCUSS ADVISORY: http://secunia.com/advisories/46001/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46001/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46001 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in IBM WebSphere Application Server, which can be exploited by malicious people to bypass certain security features. The vulnerability is caused due to the SAML library not properly verifying certain signed tokens, which can be exploited to bypass the verification via "wrapping attacks". This may be related to: SA45385 SOLUTION: Apply APAR PM43254 or update to version 7.0.0.19. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IBM (PM43254): http://www.ibm.com/support/docview.wss?uid=swg27014463 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 15:51:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 00:51:08 +0200 Subject: [SEC] [SA46006] PHP-Fusion Cumulus Infusion "tagcloud" Cross-Site Scripting Vulnerability Message-ID: <201109132251.p8DMp8GO026427@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: PHP-Fusion Cumulus Infusion "tagcloud" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46006 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46006/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46006 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/46006/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46006/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46006 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered a vulnerability in the Cumulus infusion for PHP-Fusion, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tagcloud" parameter to infusions/cumulus_panel/tagcloud.swf (when "mode" is set to "tags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/5356/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 16:16:27 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 01:16:27 +0200 Subject: [SEC] [SA45974] WordPress WP Forum Server Plugin "edit_post_id" SQL Injection Vulnerability Message-ID: <201109132316.p8DNGRcc016647@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress WP Forum Server Plugin "edit_post_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA45974 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45974/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45974 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45974/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45974/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45974 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered a vulnerability in the WP Forum Server plugin for WordPress, which can be exploited my malicious people to conduct SQL injection attacks. Input passed to the "edit_post_id" POST parameter in wp-content/plugins/forum-server/wpf-insert.php (when "edit_post_submit" and "thread_id" are set) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.7. Prior versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: http://www.exploit-db.com/exploits/17828/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 16:53:44 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 01:53:44 +0200 Subject: [SEC] [SA46005] Serendipity Freetag Plugin "tagcloud" Cross-Site Scripting Vulnerability Message-ID: <201109132353.p8DNriDU007452@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Serendipity Freetag Plugin "tagcloud" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46005 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46005/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46005 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/46005/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46005/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46005 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered a vulnerability in the Freetag plugin for Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tagcloud" parameter to plugins/serendipity_event_freetag/tagcloud.swf (when "mode" is set to "tags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.29. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/5356/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 17:19:22 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 02:19:22 +0200 Subject: [SEC] [SA45981] TwinCAT Datagram Processing Denial of Service Vulnerability Message-ID: <201109140019.p8E0JMCN030113@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TwinCAT Datagram Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45981 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45981/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45981 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45981/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45981/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45981 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in TwinCAT, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error within the TwinCAT System Service (TCATSysSrv.exe) when processing certain datagrams. This can be exploited to cause a crash by sending specially crafted datagrams to UDP port 48899. The vulnerability is confirmed in TCATSysSrv.exe version 2.11.0.617 included in TwinCAT version 2.11 R2 Build 2032. Other versions may also be affected. SOLUTION: No effective workaround is currently available. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/twincat_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 17:50:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 02:50:51 +0200 Subject: [SEC] [SA46002] EMC Avamar Domain Restrictions Security Bypass Vulnerability Message-ID: <201109140050.p8E0op03020642@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: EMC Avamar Domain Restrictions Security Bypass Vulnerability SECUNIA ADVISORY ID: SA46002 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46002/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46002 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/46002/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46002/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46002 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Avamar, which can be exploited by malicious users to bypass certain security restrictions. For more information: SA45988 The vulnerability is reported in version 5.0.x and 6.0.x. SOLUTION: Update to version 5.0.4-30 with hotfix 27192 and 27230 and version 6.0.0-592. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: EMC (ESA-2011-018): http://archives.neohapsis.com/archives/bugtraq/2011-09/att-0076/ESA-2011-018.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 18:18:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 03:18:14 +0200 Subject: [SEC] [SA45990] Fedora update for phpMyAdmin Message-ID: <201109140118.p8E1IExF010945@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for phpMyAdmin SECUNIA ADVISORY ID: SA45990 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45990/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45990 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45990/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45990/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45990 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpMyAdmin. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA45709 SOLUTION: Apply updated packages via the yum utility ("yum update phpMyAdmin"). ORIGINAL ADVISORY: FEDORA-2011-11594: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065824.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 18:56:43 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 03:56:43 +0200 Subject: [SEC] [SA45950] ScadaTec ModbusTagServer / ScadaPhone Project Import Buffer Overflow Vulnerability Message-ID: <201109140156.p8E1uh66001800@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: ScadaTec ModbusTagServer / ScadaPhone Project Import Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45950 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45950/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45950 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45950/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45950/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45950 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in ScadaTec ModbusTagServer and ScadaTec ScadaPhone, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error when importing an archived project and can be exploited to cause a stack-based buffer overflow via a specially crafted ZIP file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into importing a malicious project file. The vulnerability is confirmed in the following products (other versions may also be affected): * ScadaTec ModbusTagServer version 4.1.1.81. * ScadaTec ScadaPhone version 5.3.11.1230. SOLUTION: Do not import project files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: mr_me OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 19:31:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 04:31:25 +0200 Subject: [SEC] [SA45975] SUSE update for cyrus-imapd Message-ID: <201109140231.p8E2VPQJ025401@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: SUSE update for cyrus-imapd SECUNIA ADVISORY ID: SA45975 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45975/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45975 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45975/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45975/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45975 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for cyrus-imapd. This fixes a vulnerability, which can be exploited by malicious users to compromise a vulnerable system. For more information: SA45938 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1034-1: https://hermes.opensuse.org/messages/11723935 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 19:51:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 04:51:41 +0200 Subject: [SEC] [SA45969] Movicon Multiple Vulnerabilities Message-ID: <201109140251.p8E2pfDn015370@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Movicon Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45969 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45969/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45969 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45969/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45969/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45969 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in Movicon, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) An error when handling the "Content-Length" HTTP header can be exploited to cause a heap-based buffer overflow via a specially crafted web request sent to TCP port 808. 2) An error when handling HTTP packets can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to TCP port 808. Successful exploitation of these vulnerabilities may allow execution of arbitrary code. 3) An error when handling web requests containing certain "EIDP" content can be exploited to crash the project server via a specially crafted web request sent to TCP port 808. 4) The application loads libraries (e.g. dwmapi.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a Project file (".movprj") located on a remote WebDAV or SMB share. Successful exploitation of this vulnerability allows execution of arbitrary code. The vulnerabilities are confirmed in version 11.2.1085. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: 1 - 3) Luigi Auriemma 4) Mister Teatime ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/movicon_1-adv.txt http://aluigi.altervista.org/adv/movicon_2-adv.txt http://aluigi.altervista.org/adv/movicon_3-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 20:14:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 05:14:56 +0200 Subject: [SEC] [SA45961] Debian update for mantis Message-ID: <201109140314.p8E3Eu7D005470@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Debian update for mantis SECUNIA ADVISORY ID: SA45961 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45961/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45961 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45961/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45961/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45961 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for mantis. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose potentially sensitive information and by malicious users to compromise a vulnerable system. For more information: SA45829 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2308-1: http://www.debian.org/security/2011/dsa-2308 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 20:51:25 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 05:51:25 +0200 Subject: [SEC] [SA45998] Habari HB-Cumulus Plugin "tagcloud" Cross-Site Scripting Vulnerability Message-ID: <201109140351.p8E3pPZY028672@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Habari HB-Cumulus Plugin "tagcloud" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45998 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45998/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45998 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45998/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45998/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45998 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered a vulnerability in the HB-Cumulus plugin for Habari, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tagcloud" parameter to user/plugins/hb-cumulus/lib/tagcloud.swf (when "mode" is set to "tags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.4. Other versions may also be affected. SOLUTION: Update to version 1.8. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: HB-Cumulus: https://github.com/lildude/HB-Cumulus/commit/d71bf41952a9679d1632f0a626dbc1a852a2963c MustLive: http://websecurity.com.ua/5356 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 21:14:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 06:14:39 +0200 Subject: [SEC] [SA45988] EMC Avamar Domain Restrictions Security Bypass Vulnerability Message-ID: <201109140414.p8E4Edjd018784@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: EMC Avamar Domain Restrictions Security Bypass Vulnerability SECUNIA ADVISORY ID: SA45988 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45988/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45988 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45988/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45988/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45988 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in EMC Avamar, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to an error when enforcing domain restrictions during certain operations e.g. client data restore. This can be exploited to modify client's data within another domain. Successful exploitation requires domain administrator privileges within the original data's domain. The vulnerability is reported in version 4.x. SOLUTION: Upgrade to version 5.0.4-30 with hotfix 27192 and 27230 or version 6.0.0-592. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: EMC (ESA-2011-018): http://archives.neohapsis.com/archives/bugtraq/2011-09/att-0076/ESA-2011-018.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 21:50:34 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 06:50:34 +0200 Subject: [SEC] [SA45980] PlantVisor Enhanced Directory Traversal Vulnerability Message-ID: <201109140450.p8E4oYtR009527@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: PlantVisor Enhanced Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA45980 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45980/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45980 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45980/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45980/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45980 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in PlantVisor Enhanced, which can be exploited by malicious people to disclose sensitive information. Input appended to the URL is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences. The vulnerability is confirmed in version 2.4.4. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: Luigi Auriemma: http://aluigi.altervista.org/adv/plantvisor_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Tue Sep 13 22:14:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 07:14:28 +0200 Subject: [SEC] [SA45966] eSignal Buffer Overflow and Insecure Library Loading Vulnerabilities Message-ID: <201109140514.p8E5ES2c032089@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: eSignal Buffer Overflow and Insecure Library Loading Vulnerabilities SECUNIA ADVISORY ID: SA45966 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45966/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45966 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45966/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45966/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45966 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been discovered in eSignal, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in WinSig.exe when processing QUOTE files (".quo") can be exploited to cause a stack-based buffer overflow. 2) A boundary error in WinSig.exe when processing the "" tag can be exploited to cause a heap-based buffer overflow via a specially crafted Time and Sales file (".ets"). 3) The application loads libraries (e.g. JRS_UT.dll) in an insecure manner and can be exploited to load arbitrary libraries by tricking a user into e.g. opening a QUOTE file (".quo") located on a remote WebDAV or SMB share. Successful exploitation of these vulnerabilities allows execution of arbitrary code. The vulnerabilities are confirmed in version 10.6.2425.1208. Other versions may also be affected. SOLUTION: Do not open files from untrusted sources. PROVIDED AND/OR DISCOVERED BY: 1, 2) Luigi Auriemma 3) Mister Teatime ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/esignal_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 10:34:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 19:34:52 +0200 Subject: [SEC] [SA45971] WordPress s2Member Plugin Unspecified File Disclosure Vulnerability Message-ID: <201109141734.p8EHYqGG026263@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress s2Member Plugin Unspecified File Disclosure Vulnerability SECUNIA ADVISORY ID: SA45971 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45971/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45971 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45971/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45971/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45971 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the s2Member plugin for WordPress, which can be exploited by malicious people to disclose sensitive information. Certain unspecified input is not properly verified before being used to read files. This can be exploited to disclose the content of arbitrary files from local resources via directory traversal sequences. The vulnerability is reported in versions prior to 110812. SOLUTION: Update to version 110812 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://wordpress.org/extend/plugins/s2member/changelog/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 11:35:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 20:35:02 +0200 Subject: [SEC] [SA45941] Evolution evolution-data-server Settings Import Weakness Message-ID: <201109141835.p8EIZ2W3018242@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Evolution evolution-data-server Settings Import Weakness SECUNIA ADVISORY ID: SA45941 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45941/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45941 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45941/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45941/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45941 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Evolution, which can be exploited by malicious people to disclose potentially sensitive information. The weakness is caused due to an error in evolution-data-server when importing configuration settings, which can lead to Evolution e.g. trying to access IMAP folders via plain text connections instead of SSL/TLS protected connections, as originally specified. This can be exploited to e.g. disclose the username and password of the IMAP account by sniffing the network traffic via Man-in-the-Middle (MitM) attacks. SOLUTION: Fixed in evolution-data-server version 3.1.1. Manually verify imported settings. PROVIDED AND/OR DISCOVERED BY: Reported in a Red Hat bug by Paul Ezvan. ORIGINAL ADVISORY: Red Hat bug #697904: https://bugzilla.redhat.com/show_bug.cgi?id=697904 Gnome bug #648277: https://bugzilla.gnome.org/show_bug.cgi?id=648277 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 12:34:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 21:34:17 +0200 Subject: [SEC] [SA45983] Support Incident Tracker "user" and "id" Cross-Site Scripting Vulnerabilities Message-ID: <201109141934.p8EJYHZQ010173@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Support Incident Tracker "user" and "id" Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA45983 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45983/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45983 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45983/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45983/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45983 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered two vulnerabilities in Support Incident Tracker, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "user" parameter to edit_backup_users.php and the "id" parameter to edit_escalation_path.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 3.65. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB23043: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 13:33:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 22:33:45 +0200 Subject: [SEC] [SA46019] Support Incident Tracker Multiple Vulnerabilities Message-ID: <201109142033.p8EKXjss002092@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Support Incident Tracker Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46019 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46019/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46019 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/46019/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46019/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46019 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: High-Tech Bridge SA has discovered multiple vulnerabilities in Support Incident Tracker, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting, cross-site request forgery, and SQL injection attacks. 1) The application's web interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrator by tricking a logged in administrator into visiting a malicious web site. 2) Input passed via the "mode" parameter to contract_support.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Input passed via the "contractid" parameter to contract_add_service.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "action" parameter to inbox.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 5) Input passed via the "search_string" parameter to incident_add.php (when "action" is set to "findcontact") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 6) Input passed via the "table1" parameter to report_customers.php, report_incidents_by_engineer.php, report_incidents_by_site.php, and report_marketing.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 7) Input passed via the "startdate" and "enddate" parameters to report_incidents_by_vendor.php (when "mode" is set) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 8) Input passed via the "Referer" header to forgotpwd.php, billable_incidents.php (when "mode" is set to "approvalpage" and "output" is set to "html"), and transactions.php (when "display" is set to "html") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 9) Input passed via the "contractid" parameter to contract_add_service.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 10) Input passed via the "id" parameter to edit_escalation_path is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 11) Input passed via the "unlock" and "lock" parameters to holding_queue.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 12) Input passed via the "selected" parameter to holding_queue.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 13) Input passed via the "inc" parameter to report_customers.php (when "mode" is set to "report") and report_incidents_by_site.php (when "mode" is set to "report") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 14) Input passed via the "start" parameter to search.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 15) Input passed via the "sites" parameter to transactions.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. 16) Input passed via the "start" parameter to portal/kb.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are confirmed in version 3.64. Prior versions may also be affected. SOLUTION: Update to version 3.65. PROVIDED AND/OR DISCOVERED BY: High-Tech Bridge SA ORIGINAL ADVISORY: HTB23043: https://www.htbridge.ch/advisory/multiple_vulnerabilities_in_sit_support_incident_tracker.html Support Incident Tracker: http://sitracker.org/wiki/ReleaseNotes OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 14:28:38 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 23:28:38 +0200 Subject: [SEC] [SA45997] Ubuntu update for linux-fsl-imx51 Message-ID: <201109142128.p8ELScmT026264@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-fsl-imx51 SECUNIA ADVISORY ID: SA45997 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45997/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45997 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/45997/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45997/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45997 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-fsl-imx51. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive and certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people with physical access and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA39080 SA42035 SA42061 SA42176 SA42187 SA43009 SA43435 SA43496 SA43537 SA43576 SA43594 SA43806 SA43841 SA43846 SA44220 SA44466 SA44754 SA45533 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1204-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001414.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 14:48:52 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 14 Sep 2011 23:48:52 +0200 Subject: [SEC] [SA46003] Ubuntu update for linux-ti-omap4 Message-ID: <201109142148.p8ELmqPX016222@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-ti-omap4 SECUNIA ADVISORY ID: SA46003 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46003/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46003 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/46003/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46003/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46003 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-ti-omap4. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive and certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people and malicious people with physical access to cause a DoS and potentially compromise a vulnerable system. For more information: SA41002 SA41263 SA41440 SA41493 SA42035 SA42061 SA42126 SA42172 SA42176 SA43009 SA43358 SA43496 SA43537 SA43576 SA43594 SA43693 SA43716 SA43806 SA43841 SA43846 SA43966 SA44164 SA44220 SA44248 SA44466 SA44754 SA45533 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1202-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001412.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 15:13:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 00:13:55 +0200 Subject: [SEC] [SA46007] Ubuntu update for kernel Message-ID: <201109142213.p8EMDtNq006429@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for kernel SECUNIA ADVISORY ID: SA46007 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46007/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46007 RELEASE DATE: 2011-09-14 DISCUSS ADVISORY: http://secunia.com/advisories/46007/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46007/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46007 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for the kernel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA43496 SA43846 SA44466 SA44754 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1201-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001411.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 15:49:10 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 00:49:10 +0200 Subject: [SEC] [SA45993] Ubuntu update for linux-lts-backport-maverick Message-ID: <201109142249.p8EMnA34029556@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-lts-backport-maverick SECUNIA ADVISORY ID: SA45993 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45993/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45993 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45993/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45993/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45993 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-lts-backport-maverick. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, and cause a DoS (Denial of Service) and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA43496 SA43846 SA44466 SA44754 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1205-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001415.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 16:14:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 01:14:12 +0200 Subject: [SEC] [SA45996] Ubuntu update for linux-mvl-dove Message-ID: <201109142314.p8ENECXe019778@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for linux-mvl-dove SECUNIA ADVISORY ID: SA45996 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45996/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45996 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45996/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45996/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45996 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for linux-mvl-dove. This fixes multiple weaknesses and vulnerabilities, which can be exploited by malicious, local users to disclose certain system information, bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to cause a DoS and potentially compromise a vulnerable system. For more information: SA39080 SA42061 SA43496 SA43846 SA44466 SA44754 SA45420 SA45533 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1203-1: https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-September/001413.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 16:49:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 01:49:07 +0200 Subject: [SEC] [SA45953] WordPress Mini Mail Dashboard Widget Plugin Remote File Inclusion Vulnerability Message-ID: <201109142349.p8ENn76D010475@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Mini Mail Dashboard Widget Plugin Remote File Inclusion Vulnerability SECUNIA ADVISORY ID: SA45953 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45953/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45953 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45953/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45953/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45953 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Mini Mail Dashboard Widget plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "abspath" parameter in wordpress/wp-content/plugins/mini-mail-dashboard-widget/wp-mini-mail.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources. The vulnerability has been confirmed in version 1.36. Prior versions may also be affected. SOLUTION: Update to version 1.37. PROVIDED AND/OR DISCOVERED BY: The vendor credits an anonymous person via wordpress.org. ORIGINAL ADVISORY: Mini Mail Dashboard Widget Plugin Trac: http://plugins.trac.wordpress.org/changeset?reponame=&new=437191%40mini-mail-dashboard-widget&old=436773%40mini-mail-dashboard-widget OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 17:17:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 02:17:26 +0200 Subject: [SEC] [SA45976] TIBCO Managed File Transfer Products Cross-Site Scripting and Session Fixation Vulnerabilities Message-ID: <201109150017.p8F0HQ8c000810@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TIBCO Managed File Transfer Products Cross-Site Scripting and Session Fixation Vulnerabilities SECUNIA ADVISORY ID: SA45976 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45976/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45976 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45976/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45976/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45976 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in multiple TIBCO Managed File Transfer products, which can be exploited by malicious people to conduct cross-site scripting and session fixation attacks. 1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 2) An error in the handling of sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. The vulnerabilities are reported in the following products: * TIBCO Managed File Transfer Internet Server versions 7.1.0 and prior. * TIBCO Managed File Transfer Command Center versions 7.1.0 and prior. * TIBCO Slingshot versions 1.8.0 and prior. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.tibco.com/services/support/advisories/mft-slingshot-advisory_20110913.jsp http://www.tibco.com/multimedia/mft-slingshot_advisory_20110913_tcm8-14340.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 17:48:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 02:48:58 +0200 Subject: [SEC] [SA45868] F5 BIG-IP BIND UPDATE Request Processing Denial of Service Vulnerability Message-ID: <201109150048.p8F0mwS0023807@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: F5 BIG-IP BIND UPDATE Request Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA45868 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45868/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45868 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45868/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45868/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45868 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: F5 has acknowledged a vulnerability in BIG-IP, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA45082 The vulnerability is reported in versions 10.2.1 HF2, 10.2.1 HF3, and 10.2.2 of the following products: * BIG-IP LTM * BIG-IP GTM * BIG-IP ASM * BIG-IP Link Controller * BIG-IP WebAccelerator * BIG-IP PSM * BIG-IP WOM * BIG-IP APM * BIG-IP Edge Gateway SOLUTION: Apply hotfix 10.2.2 HF1. ORIGINAL ADVISORY: http://support.f5.com/kb/en-us/solutions/public/12000/900/sol12986.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 18:14:01 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 03:14:01 +0200 Subject: [SEC] [SA45986] SUSE update for xorg-x11 Message-ID: <201109150114.p8F1E1sY014013@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: SUSE update for xorg-x11 SECUNIA ADVISORY ID: SA45986 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45986/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45986 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45986/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45986/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45986 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: SUSE has issued an update for xorg-x11. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA45544 SOLUTION: Apply updated packages via the zypper package manager. ORIGINAL ADVISORY: SUSE-SU-2011:1035-1: http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00019.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 18:48:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 03:48:54 +0200 Subject: [SEC] [SA45973] ScadaPro Multiple Vulnerabilities Message-ID: <201109150148.p8F1mrYE004705@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: ScadaPro Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45973 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45973/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45973 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45973/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45973/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45973 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered some vulnerabilities in ScadaPro, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, and compromise a vulnerable system. 1) Various boundary errors within service.exe when processing certain packets can be exploited to e.g. cause stack-based buffer overflows by sending specially crafted commands to TCP port 11234. 2) The "RF" command can be exploited to disclose the content of arbitrary files by sending malicious commands to TCP port 11234. 3) The "wF" command can be exploited to write arbitrary content into arbitrary files by sending malicious commands to TCP port 11234. 4) The "uF" command can be exploited to delete arbitrary files by sending malicious commands to TCP port 11234. 5) The "xF" command can be exploited to call arbitrary functions in arbitrary DLLs and e.g. execute applications via the "system()" function in msvcrt.dll. The vulnerabilities are confirmed in version 4.0.0.0. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/scadapro_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 19:21:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 04:21:36 +0200 Subject: [SEC] [SA45893] Debian update for openssl Message-ID: <201109150221.p8F2La47028128@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Debian update for openssl SECUNIA ADVISORY ID: SA45893 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45893/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45893 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45893/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45893/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45893 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Debian has issued an update for openssl. This fixes a weakness, which can be exploited by malicious people to disclose potentially sensitive information. For more information: SA44572 SOLUTION: Apply updated packages via the apt-get package manager. ORIGINAL ADVISORY: DSA-2309-1: http://www.debian.org/security/2011/dsa-2309 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 19:50:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 04:50:39 +0200 Subject: [SEC] [SA46011] Siemens SIMATIC WinCC Runtime Loader Buffer Overflow Vulnerability Message-ID: <201109150250.p8F2od1T018527@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Siemens SIMATIC WinCC Runtime Loader Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA46011 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46011/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46011 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46011/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46011/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46011 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Siemens SIMATIC WinCC, which can be exploited by malicious people to potentially compromise a vulnerable system. The vulnerability is caused due to an error in the runtime loader when parsing received packets and can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to port 2308/TCP. Successful exploitation may allow execution of arbitrary code, but requires that "transfer" mode is enabled (disabled by default). SOLUTION: Disable "transfer" mode or restrict access to port 2308/TCP. PROVIDED AND/OR DISCOVERED BY: Billy Rios and Terry McCorkle via ICS-CERT. ORIGINAL ADVISORY: Siemens: http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=de&objid=29054992&caller=view http://cache.automation.siemens.com/dnl/jI/jI0NDY5AAAA_29054992_FAQ/Siemens_Security_Advisory_SSA-460621_V1_2.pdf ICS-CERT: http://www.us-cert.gov/control_systems/pdf/ICSA-11-244-01.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 20:15:29 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 05:15:29 +0200 Subject: [SEC] [SA46021] Magento Advance Tag Extension "tagcloud" Cross-Site Scripting Vulnerability Message-ID: <201109150315.p8F3FTZF008714@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Magento Advance Tag Extension "tagcloud" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46021 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46021/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46021 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46021/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46021/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46021 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: MustLive has discovered a vulnerability in the Advance Tag extension for Magento, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "tagcloud" parameter to js/advancetag/tagcloud.swf (when "mode" is set to "tags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 2.0.0. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: MustLive ORIGINAL ADVISORY: http://websecurity.com.ua/5356 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 20:49:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 05:49:30 +0200 Subject: [SEC] [SA45995] Orion Network Performance Monitor "Title" Cross-Site Scripting Vulnerability Message-ID: <201109150349.p8F3nU9H031792@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Orion Network Performance Monitor "Title" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA45995 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45995/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45995 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45995/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45995/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45995 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Gustavo Roberto Rodrigues Goncalves has discovered a vulnerability in Orion Network Performance Monitor, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed to the "Title" parameter in CustomChart.aspx is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 10.1.3. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: Gustavo Roberto Rodrigues Goncalves ORIGINAL ADVISORY: http://seclists.org/fulldisclosure/2011/Sep/107 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 21:14:20 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 06:14:20 +0200 Subject: [SEC] [SA46010] Red Hat update for librsvg2 Message-ID: <201109150414.p8F4EKGj021988@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Red Hat update for librsvg2 SECUNIA ADVISORY ID: SA46010 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46010/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46010 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46010/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46010/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46010 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for librsvg2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. For more information: SA45877 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1289-01: https://rhn.redhat.com/errata/RHSA-2011-1289.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 21:49:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 06:49:58 +0200 Subject: [SEC] [SA45984] NetCat "search_query" PHP Code Execution Vulnerability Message-ID: <201109150449.p8F4nwu7012749@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: NetCat "search_query" PHP Code Execution Vulnerability SECUNIA ADVISORY ID: SA45984 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45984/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45984 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45984/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45984/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45984 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in NetCat, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "search_query" parameter to /search is not properly sanitised before being used in a call to "eval()". This can be exploited to inject and execute arbitrary PHP code. The vulnerability is confirmed in version 4.5.2 Extra. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: brain[pillow] OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 14 22:14:55 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 07:14:55 +0200 Subject: [SEC] [SA45978] Adobe Reader / Acrobat Multiple Vulnerabilities Message-ID: <201109150514.p8F5Et9O002930@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA45978 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45978/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45978 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45978/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45978/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45978 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system. 1) An unspecified error can be exploited to gain escalated privileges. This vulnerability affects Adobe Reader X for Windows only. 2) An unspecified error can be exploited to bypass certain security restrictions. 3) An unspecified error related to a U3D TIFF Resource can be exploited to cause a buffer overflow. 4) An unspecified error can be exploited to cause a heap-based buffer overflow. 5) An unspecified error can be exploited to cause a heap-based buffer overflow. 6) An unspecified error can be exploited to cause a buffer overflow. 7) An unspecified error in the image parsing library can be exploited to cause a heap-based buffer overflow. 8) An unspecified error can be exploited to cause a heap-based buffer overflow. 9) Three unspecified errors in the image parsing library can be exploited to cause stack-based buffer overflows. 10) An unspecified error can be exploited to disclose the contents of memory. 11) A user-after-free error can be exploited to dereference already freed memory. 12) Two unspecified errors in the CoolType.dll library can be exploited to cause stack-based buffer overflows. 13) A logic error can be exploited to corrupt memory. 14) The application bundles a vulnerable version of Adobe Flash Player. For more information: SA45583 The vulnerabilities are reported in the following products: * Adobe Reader X (10.1) and earlier for Windows and Macintosh. * Adobe Reader 9.4.5 and earlier for Windows, Macintosh, and UNIX. * Adobe Reader 8.3 and earlier for Windows and Macintosh. * Adobe Acrobat X (10.1) and earlier for Windows and Macintosh. * Adobe Acrobat 9.4.5 and earlier for Windows and Macintosh. * Adobe Acrobat 8.3 and earlier for Windows and Macintosh. SOLUTION: Apply updates (please see the vendor's advisory for details). Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Paul Sabanal and Mark Yason, IBM X-Force Advanced Research. 1) Zhenhua Liu, Fortinet's Fortiguard Labs. 2) Vladimir Vorontsov, ONsec. 3, 4, 5, 6, 7, 8, 9, 12) binaryproof via ZDI. 10) James Quirk, Los Alamos. 11) An anonymous person via iDefense Labs. 13) Tavis Ormandy, Google Security Team. ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb11-24.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 10:34:30 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 19:34:30 +0200 Subject: [SEC] [SA45949] WordPress Auctions Plugin "wpa_id" SQL Injection Vulnerabilities Message-ID: <201109151734.p8FHYUFQ029505@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Auctions Plugin "wpa_id" SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA45949 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45949/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45949 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45949/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45949/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45949 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Sherl0ck_ has discovered two vulnerabilities in the Auctions plugin for WordPress, which can be exploited by malicious users to conduct SQL injection attacks. Input passed via the "wpa_id" parameter to wp-admin/admin.php (when "page" is set to "wp-auctions-add", "wpa_action" is set to "edit" or "relist", and "_wpnonce" is set to a valid value) is not properly sanitised in wp-content/plugins/wp-auctions/wp-auction.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires the "Editor" role. The vulnerabilities are confirmed in version 1.8.8. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: sherl0ck_ ORIGINAL ADVISORY: http://archives.neohapsis.com/archives/fulldisclosure/2011-09/0161.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 11:33:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 20:33:46 +0200 Subject: [SEC] [SA46018] WordPress IGIT Related Post With Thumb Plugin TimThumb Arbitrary File Upload Message-ID: <201109151833.p8FIXkcU021471@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress IGIT Related Post With Thumb Plugin TimThumb Arbitrary File Upload SECUNIA ADVISORY ID: SA46018 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46018/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46018 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46018/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46018/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46018 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the IGIT Related Post With Thumb plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 SOLUTION: Update to version 3.9.8 or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IGIT Related Post With Thumb: http://wordpress.org/extend/plugins/igit-related-posts-with-thumb-images-after-posts/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=422562%40igit-related-posts-with-thumb-images-after-posts&old=384217%40igit-related-posts-with-thumb-images-after-posts OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 12:54:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 21:54:51 +0200 Subject: [SEC] [SA46015] WordPress IGIT Posts Slider Widget Plugin TimThumb Arbitrary File Upload Vulnerability Message-ID: <201109151954.p8FJsp6f008804@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress IGIT Posts Slider Widget Plugin TimThumb Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46015 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46015/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46015 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46015/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46015/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46015 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the IGIT Posts Slider Widget plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a bundled vulnerable version of TimThumb. For more information see vulnerability #1 in: SA45416 SOLUTION: Update to version 1.2. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: IGIT Posts Slider Widget: http://wordpress.org/extend/plugins/igit-posts-slider-widget/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=438275%40igit-posts-slider-widget&old=354036%40igit-posts-slider-widget OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 13:34:48 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 22:34:48 +0200 Subject: [SEC] [SA46024] Ubuntu update for cups Message-ID: <201109152034.p8FKYmkA000816@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for cups SECUNIA ADVISORY ID: SA46024 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46024/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46024 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46024/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46024/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46024 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for cups. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA45713 SA45796 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1207-1: http://www.ubuntu.com/usn/usn-1207-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 14:29:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 23:29:36 +0200 Subject: [SEC] [SA45999] IBM WebSphere Commerce Web Service Activity Token Unspecified Vulnerability Message-ID: <201109152129.p8FLTa7a024993@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: IBM WebSphere Commerce Web Service Activity Token Unspecified Vulnerability SECUNIA ADVISORY ID: SA45999 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45999/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45999 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45999/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45999/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45999 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability with an unknown impact has been reported in IBM WebSphere Commerce. The vulnerability is caused due to an unspecified error related to web services using the Activity Token authentication mechanism. No further information is currently available. The vulnerability is reported in versions 6.0.0.11 and prior and 7.0.0.3 and prior. SOLUTION: Apply interim fix JR40420. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.ibm.com/support/docview.wss?uid=swg24030908 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 14:50:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 15 Sep 2011 23:50:03 +0200 Subject: [SEC] [SA46022] TYPO3 phpMyAdmin Extension Multiple Script Insertion Vulnerabilities Message-ID: <201109152150.p8FLo3nQ014998@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 phpMyAdmin Extension Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA46022 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46022/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46022 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/46022/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46022/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46022 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA45991 The vulnerabilities are reported in versions 4.11.4 and prior. SOLUTION: Update to version 4.11.5. PROVIDED AND/OR DISCOVERED BY: The vendor of the standalone version of phpMyAdmin credits Brad Bernard and Nils Juenemann. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-011: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-011/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 15:16:08 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 00:16:08 +0200 Subject: [SEC] [SA45550] DivX Plus Web Player "file://" Buffer Overflow Vulnerability Message-ID: <201109152216.p8FMG8W2005249@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: DivX Plus Web Player "file://" Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA45550 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45550/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45550 RELEASE DATE: 2011-09-15 DISCUSS ADVISORY: http://secunia.com/advisories/45550/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45550/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45550 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Krystian Kloskowski (h07) has discovered a vulnerability in DivX Plus Web Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within DivXPlaybackModule.dll when processing overly long "file://" URLs, which can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into visiting a malicious website. The vulnerability is confirmed in version 2.1.2.265. Other versions may also be affected SOLUTION: Do not visit untrusted websites. PROVIDED AND/OR DISCOVERED BY: Krystian Kloskowski (h07) via Secunia OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 15:50:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 00:50:51 +0200 Subject: [SEC] [SA46026] Fedora update for ecryptfs-utils Message-ID: <201109152250.p8FMop5x028385@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for ecryptfs-utils SECUNIA ADVISORY ID: SA46026 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46026/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46026 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46026/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46026/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46026 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for ecryptfs-utils. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. For more information: SA45747 SOLUTION: Apply updated packages via the yum utility ("yum update ecryptfs-utils"). ORIGINAL ADVISORY: FEDORA-2011-11979: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065952.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 16:15:56 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 01:15:56 +0200 Subject: [SEC] [SA46027] Fedora update for rsyslog Message-ID: <201109152315.p8FNFuRu018598@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for rsyslog SECUNIA ADVISORY ID: SA46027 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46027/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46027 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46027/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46027/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46027 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for rsyslog. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. For more information: SA45848 SOLUTION: Apply updated packages via the yum utility ("yum update rsyslog"). ORIGINAL ADVISORY: FEDORA-2011-12282: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065941.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 16:50:19 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 01:50:19 +0200 Subject: [SEC] [SA46016] CiscoWorks LAN Management Solution Two Unspecified Vulnerabilities Message-ID: <201109152350.p8FNoJWL009278@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: CiscoWorks LAN Management Solution Two Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA46016 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46016/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46016 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46016/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46016/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46016 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in CiscoWorks LAN Management Solution, which can be exploited by malicious people to compromise a vulnerable system. For more information: SA45979 Successful exploitation requires the "Device Fault Management" component to be installed. The vulnerabilities are reported in versions 3.1 and 3.2. SOLUTION: Upgrade to version 4.1. PROVIDED AND/OR DISCOVERED BY: The vendor credits AbdulAziz Hariri via ZDI. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 17:18:03 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 02:18:03 +0200 Subject: [SEC] [SA45991] phpMyAdmin Multiple Script Insertion Vulnerabilities Message-ID: <201109160018.p8G0I33O032060@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: phpMyAdmin Multiple Script Insertion Vulnerabilities SECUNIA ADVISORY ID: SA45991 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45991/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45991 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/45991/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45991/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45991 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to conduct script insertion attacks. 1) Certain input passed to row content after inline editing and saving is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. 2) Certain input passed to table, column, and index names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. The vulnerabilities are reported in versions 3.4.0 through 3.4.4. SOLUTION: Update to version 3.4.5. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Brad Bernard 2) Nils Juenemann ORIGINAL ADVISORY: PMASA-2011-14: http://www.phpmyadmin.net/home_page/security/PMASA-2011-14.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 17:51:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 02:51:46 +0200 Subject: [SEC] [SA45979] Cisco Products Two Unspecified Vulnerabilities Message-ID: <201109160051.p8G0pk70022703@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco Products Two Unspecified Vulnerabilities SECUNIA ADVISORY ID: SA45979 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45979/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45979 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/45979/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45979/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45979 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in multiple Cisco products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerabilities exists due to two unspecified errors and can be exploited via specially crafted packets sent to TCP port 9002. Successful exploitation may allow execution of arbitrary code. The vulnerabilities are reported in the following products: * CiscoWorks Prime LAN Management Solution version 4.0. * Cisco Unified Service Monitor prior to version 8.6. * Cisco Unified Operations Manager prior to version 8.6. SOLUTION: Update to a fixed version. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: The vendor credits AbdulAziz Hariri via ZDI. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110914-lms.shtml http://www.cisco.com/warp/public/707/cisco-sa-20110914-cusm.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 18:15:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 03:15:49 +0200 Subject: [SEC] [SA45881] Tahoe-LAFS Cancellation Secret Disclosure Share Deletion Vulnerability Message-ID: <201109160115.p8G1FnAG012871@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Tahoe-LAFS Cancellation Secret Disclosure Share Deletion Vulnerability SECUNIA ADVISORY ID: SA45881 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/45881/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=45881 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/45881/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/45881/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=45881 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Tahoe-LAFS, which can be exploited by malicious people to manipulate certain data. The vulnerability is caused due to Tahoe-LAFS not properly preventing clients from reading past the end of share data, which can be used to gain knowledge of the cancellation secret. This can be exploited to delete shares from the server by e.g. calling the "remote_cancel_lease()" function. The vulnerability is reported in versions 1.3.0 through 1.8.2. SOLUTION: Update to version 1.8.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tahoe-lafs.org/pipermail/tahoe-dev/2011-September/006675.html http://tahoe-lafs.org/trac/tahoe-lafs/ticket/1528 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 15 18:49:58 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 16 Sep 2011 03:49:58 +0200 Subject: [SEC] [SA46024] Ubuntu update for cups Message-ID: <201109160149.p8G1nwJI003546@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for cups SECUNIA ADVISORY ID: SA46024 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46024/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46024 RELEASE DATE: 2011-09-16 DISCUSS ADVISORY: http://secunia.com/advisories/46024/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46024/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46024 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for cups. This fixes two vulnerabilities, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information: SA45713 SA45796 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1207-1: http://www.ubuntu.com/usn/usn-1207-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 21 01:01:37 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Sep 2011 10:01:37 +0200 Subject: [SEC] [SA46095] JasperReports Server Cross-Site Request Forgery Vulnerability Message-ID: <201109210801.p8L81bQQ022966@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: JasperReports Server Cross-Site Request Forgery Vulnerability SECUNIA ADVISORY ID: SA46095 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46095/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46095 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46095/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46095/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46095 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in JasperReports Server, which can be exploited by malicious people to conduct cross-site request forgery attacks. The vulnerability is caused due to the application allowing users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. add new users when a logged-in administrator visits a specially crafted web page. The vulnerability is confirmed in JasperReports Server 4.1.0. Other versions may also be affected. SOLUTION: Do not browse untrusted websites while being logged in to the application. PROVIDED AND/OR DISCOVERED BY: Originally reported in JasperServer 3.7.0 by Jos? Vila Montaner, S2Grupo CSIRT-cv. ORIGINAL ADVISORY: http://www.csirtcv.gva.es/sites/all/files/images/content/%5BCSIRT-cv%5D%20JasperServer%203.7.0%20CE%20CSRF%20Advisory.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 21 10:39:26 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Sep 2011 19:39:26 +0200 Subject: [SEC] [SA46088] WordPress Category List Portfolio Page Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201109211739.p8LHdQNN026976@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Category List Portfolio Page Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46088 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46088/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46088 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46088/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46088/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46088 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Category List Portfolio Page plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/category-list-portfolio-page/scripts/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.2.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 21 11:38:28 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Sep 2011 20:38:28 +0200 Subject: [SEC] [SA46036] WordPress Auto Attachments Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201109211838.p8LIcSWR019051@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Auto Attachments Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46036 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46036/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46036 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46036/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46036/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46036 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Auto Attachments plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/auto-attachments/thumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 0.3. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 21 12:35:59 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Sep 2011 21:35:59 +0200 Subject: [SEC] [SA46108] WordPress LISL Last-Image Slider Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201109211935.p8LJZxGI011047@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress LISL Last-Image Slider Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46108 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46108/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46108 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46108/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46108/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46108 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the LISL Last-Image Slider plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/lisl-last-image-slider/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 21 13:35:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Sep 2011 22:35:21 +0200 Subject: [SEC] [SA46100] WordPress Rent-A-Car Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201109212035.p8LKZLXX003139@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Rent-A-Car Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46100 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46100/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46100 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46100/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46100/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46100 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Rent-A-Car plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/rent-a-car/libs/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 21 14:30:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 21 Sep 2011 23:30:39 +0200 Subject: [SEC] [SA46100] WordPress Rent-A-Car Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201109212130.p8LLUdla027448@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Rent-A-Car Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46100 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46100/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46100 RELEASE DATE: 2011-09-21 DISCUSS ADVISORY: http://secunia.com/advisories/46100/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46100/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46100 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Rent-A-Car plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/rent-a-car/libs/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is confirmed in version 1.0. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly verified. PROVIDED AND/OR DISCOVERED BY: Ben Schmidt ORIGINAL ADVISORY: Ben Schmidt: http://spareclockcycles.org/2011/09/18/exploitring-the-wordpress-extension-repos/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 10:37:53 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 28 Sep 2011 19:37:53 +0200 Subject: [SEC] [SA46204] Mozilla SeaMonkey Multiple Vulnerabilities Message-ID: <201109281737.p8SHbrqp015254@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Mozilla SeaMonkey Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46204 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46204/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46204 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46204/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46204/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46204 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA46171 The vulnerabilities are reported in versions prior to 2.4. SOLUTION: Update to version 2.4. ORIGINAL ADVISORY: Mozilla: http://www.mozilla.org/security/announce/2011/mfsa2011-36.html http://www.mozilla.org/security/announce/2011/mfsa2011-38.html http://www.mozilla.org/security/announce/2011/mfsa2011-39.html http://www.mozilla.org/security/announce/2011/mfsa2011-40.html http://www.mozilla.org/security/announce/2011/mfsa2011-41.html http://www.mozilla.org/security/announce/2011/mfsa2011-42.html http://www.mozilla.org/security/announce/2011/mfsa2011-43.html http://www.mozilla.org/security/announce/2011/mfsa2011-44.html http://www.mozilla.org/security/announce/2011/mfsa2011-45.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 11:39:23 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 28 Sep 2011 20:39:23 +0200 Subject: [SEC] [SA46171] Mozilla Firefox Multiple Vulnerabilities Message-ID: <201109281839.p8SIdNGS007525@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46171 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46171/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46171 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46171/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46171/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46171 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple weaknesses and vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further information is currently available. 2) An error in the implementation of the "window.location" JavaScript object when creating named frames can be exploited to bypass the same-origin policy and e.g. conduct cross-site scripting attacks. 3) A malicious application or extension could be downloaded and executed if a user is convinced into holding down the "Enter" key via e.g. a malicious game. 4) An error within WebGL's ANGLE library does not properly check for return values from the "GrowAtomTable()" function and can be exploited to cause a buffer overflow by sending a series of requests. 5) An unspecified error within WebGL can be exploited to corrupt memory. 6) An unspecified error within the YARR regular expression library can be exploited to corrupt memory. 7) An error exists within the JSSubScriptLoader, which incorrectly unwraps "XPCNativeWrappers". This can be exploited to execute arbitrary code by tricking a user into installing a malicious plug-in. 8) A use-after-free error existing when parsing OGG headers. 9) A weakness exists when handling multiple tabs and can be exploited to detect keystrokes sent to another tab. NOTE: Additionally, a weakness exists when handling the "Location" header, which can lead to response splitting attacks when visiting a vulnerable web server. SOLUTION: Upgrade to version 7.0. PROVIDED AND/OR DISCOVERED BY: 10) Liang Cai and Hao Chen. The vendor credits: 1) Benjamin Smedberg, Bob Clary, Jesse Ruderman, Andrew McCreight, Andreas Gal, Gary Kwong, Igor Bukanov, Jason Orendorff, and Marcia Knous. 2) Boris Zbarsky. 3) Mariusz Mlynski. 4) Michael Jordon, Context IS. 5) Ben Hawkes, the Google Security Team. 6) Aki Helin. 7) David Rees. 8) sczimmer. 9) Liang Cai and Hao Chen ORIGINAL ADVISORY: Mozilla: http://www.mozilla.org/security/announce/2011/mfsa2011-36.html http://www.mozilla.org/security/announce/2011/mfsa2011-38.html http://www.mozilla.org/security/announce/2011/mfsa2011-39.html http://www.mozilla.org/security/announce/2011/mfsa2011-40.html http://www.mozilla.org/security/announce/2011/mfsa2011-41.html http://www.mozilla.org/security/announce/2011/mfsa2011-42.html http://www.mozilla.org/security/announce/2011/mfsa2011-43.html http://www.mozilla.org/security/announce/2011/mfsa2011-44.html http://www.mozilla.org/security/announce/2011/mfsa2011-45.html Liang Cai and Hao Chen: http://www.usenix.org/events/hotsec11/tech/final_files/Cai.pdf OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 12:37:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 28 Sep 2011 21:37:00 +0200 Subject: [SEC] [SA46203] Mozilla Firefox Multiple Vulnerabilities Message-ID: <201109281937.p8SJb0Bp032004@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Mozilla Firefox Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46203 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46203/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46203 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46203/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46203/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46203 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) Some unspecified errors can be exploited to corrupt memory. No further information is currently available. 2) An integer underflow error exists within the Regular Expression engine when evaluating certain regular expressions. 3) An error in the implementation of the "window.location" JavaScript object can be exploited to bypass the same-origin policy. For more information see vulnerability #2 in: SA46171 4) A malicious application or extension could be downloaded and executed if a user is convinced into holding down the "Enter" key via e.g. a malicious game. NOTE: Additionally, a weakness exists when handling the "Location" header, which can lead to response splitting attacks when visiting a vulnerable web server. The vulnerabilities are reported in versions prior to 3.6.23. SOLUTION: Update to version 3.6.23. PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Benjamin Smedberg, Bob Clary, Jesse Ruderman, and Josh Aas. 2) Mark Kaplan 3) Boris Zbarsky 4) Mariusz Mlynski ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-36.html http://www.mozilla.org/security/announce/2011/mfsa2011-37.html http://www.mozilla.org/security/announce/2011/mfsa2011-38.html http://www.mozilla.org/security/announce/2011/mfsa2011-39.html http://www.mozilla.org/security/announce/2011/mfsa2011-40.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 13:36:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 28 Sep 2011 22:36:42 +0200 Subject: [SEC] [SA46170] TYPO3 jQuery Colorbox Extension Cross-Site Scripting Vulnerability Message-ID: <201109282036.p8SKag3c024212@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 jQuery Colorbox Extension Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46170 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46170/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46170 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46170/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46170/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46170 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the jQuery Colorbox extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions 1.3.5 and earlier. SOLUTION: Update to version 1.4.0. PROVIDED AND/OR DISCOVERED BY: The vendor credits Chris M?ller. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-012: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-012/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 14:29:45 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 28 Sep 2011 23:29:45 +0200 Subject: [SEC] [SA46202] FreeBSD UNIX Domain Socket Handling Privilege Escalation Vulnerability Message-ID: <201109282129.p8SLTj6G016049@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: FreeBSD UNIX Domain Socket Handling Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA46202 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46202/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46202 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46202/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46202/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46202 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in FreeBSD, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to a boundary error within the "uipc_bind()" function (sys/kern/uipc_usrreq.c) when handling the socket length and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code with "root" privileges. SOLUTION: Update FreeBSD or apply patches. PROVIDED AND/OR DISCOVERED BY: The vendor credits Mateusz Guzik. ORIGINAL ADVISORY: http://security.freebsd.org/advisories/FreeBSD-SA-11:05.unix.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 14:50:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Wed, 28 Sep 2011 23:50:33 +0200 Subject: [SEC] [SA44328] TYPO3 RTG Files Extension SQL Injection Vulnerability Message-ID: <201109282150.p8SLoX7h006242@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 RTG Files Extension SQL Injection Vulnerability SECUNIA ADVISORY ID: SA44328 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/44328/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=44328 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/44328/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/44328/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=44328 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the RTG Files extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions 1.5.1 and earlier. SOLUTION: Update to version 1.5.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Sebastian B?ttger, TYPO3 Security Team. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-012: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-012/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 15:16:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 00:16:02 +0200 Subject: [SEC] [SA46167] TYPO3 dev/null robots.txt Extension SQL Injection Vulnerability Message-ID: <201109282216.p8SMG29Y029128@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 dev/null robots.txt Extension SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46167 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46167/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46167 RELEASE DATE: 2011-09-28 DISCUSS ADVISORY: http://secunia.com/advisories/46167/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46167/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46167 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the dev/null robots.txt extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in versions prior to 1.0.2. SOLUTION: Update to version 1.0.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Marcus Krause, TYPO3 Security Team. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-012: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-012/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 15:51:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 00:51:49 +0200 Subject: [SEC] [SA46169] WordPress Mingle Forum "edit_post_id" SQL Injection Vulnerability Message-ID: <201109282251.p8SMpn1b020088@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Mingle Forum "edit_post_id" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46169 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46169/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46169 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46169/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46169/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46169 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Miroslav Stampar has discovered a vulnerability in the Mingle Forum plugin for WordPress, which can be exploited by malicious users and malicious people to conduct SQL injection attacks. Input passed to the "edit_post_id" parameter in wp-content/plugins/mingle-forum/wpf-insert.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is confirmed in version 1.0.31. Other versions may also be affected. SOLUTION: Edit the source code to ensure that input is properly sanitised. PROVIDED AND/OR DISCOVERED BY: Miroslav Stampar ORIGINAL ADVISORY: http://unconciousmind.blogspot.com/2011/09/wordpress-mingle-forum-plugin-1031-sql.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 16:16:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 01:16:06 +0200 Subject: [SEC] [SA46201] FreeBSD update for compress Message-ID: <201109282316.p8SNG66i010469@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: FreeBSD update for compress SECUNIA ADVISORY ID: SA46201 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46201/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46201 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46201/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46201/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46201 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: FreeBSD has issued an update for compress. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA45544 SOLUTION: Update FreeBSD or apply patches. ORIGINAL ADVISORY: http://security.freebsd.org/advisories/FreeBSD-SA-11:04.compress.asc OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 16:51:07 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 01:51:07 +0200 Subject: [SEC] [SA46193] ImpressPages CMS Unspecified Code Execution Vulnerability Message-ID: <201109282351.p8SNp7Zv001359@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: ImpressPages CMS Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA46193 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46193/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46193 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46193/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46193/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46193 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in ImpressPages CMS, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in version 1.0.12. Prior versions may also be affected. SOLUTION: Update to version 1.0.13. PROVIDED AND/OR DISCOVERED BY: David Middlehurst, NGS Secure. ORIGINAL ADVISORY: NGS Secure: http://archives.neohapsis.com/archives/bugtraq/2011-09/0157.html ImpressPages CMS: http://www.impresspages.org/news/impresspages-1-0-13-security-release/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 17:18:42 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 02:18:42 +0200 Subject: [SEC] [SA46175] WordPress Simple Slide Show Plugin "src" Arbitrary File Upload Vulnerability Message-ID: <201109290018.p8T0Ig2Q024360@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Simple Slide Show Plugin "src" Arbitrary File Upload Vulnerability SECUNIA ADVISORY ID: SA46175 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46175/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46175 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46175/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46175/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46175 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the Simple Slide Show plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system. Input passed via the "src" parameter in wp-content/plugins/simple-slide-show/timthumb.php is not properly verified before being used to cache files. This can be exploited to upload and execute arbitrary PHP files. This may be related to vulnerability #1 in: SA45416 The vulnerability is reported in version 1.0. Prior versions may also be affected. SOLUTION: Update to version 1.1. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Simple Slide Show: http://wordpress.org/extend/plugins/simple-slide-show/changelog/ http://plugins.trac.wordpress.org/changeset?reponame=&new=444362%40simple-slide-show&old=355973%40simple-slide-show OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 17:52:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 02:52:12 +0200 Subject: [SEC] [SA46152] Sterling Trader Data Processing Integer Overflow Vulnerability Message-ID: <201109290052.p8T0qC0N015240@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Sterling Trader Data Processing Integer Overflow Vulnerability SECUNIA ADVISORY ID: SA46152 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46152/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46152 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46152/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46152/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46152 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Luigi Auriemma has discovered a vulnerability in Sterling Trader, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an integer overflow error in Base.exe when allocating memory to process certain data. This can be exploited to cause a heap-based buffer overflow via a specially crafted packet sent to a certain TCP port. Successful exploitation may allow execution of arbitrary code, but requires guessing a TCP port, which changes when the application starts. The vulnerability is confirmed in version 7.0.2. Other versions may also be affected. SOLUTION: Restrict access to trusted hosts only. PROVIDED AND/OR DISCOVERED BY: Luigi Auriemma ORIGINAL ADVISORY: http://aluigi.altervista.org/adv/sterling_1-adv.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 18:17:46 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 03:17:46 +0200 Subject: [SEC] [SA46191] Fedora update for phpMyAdmin Message-ID: <201109290117.p8T1Hk8g005674@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for phpMyAdmin SECUNIA ADVISORY ID: SA46191 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46191/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46191 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46191/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46191/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46191 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for phpMyAdmin. This fixes multiple vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks. For more information: SA45991 SOLUTION: Apply updated packages via the yum utility ("yum update phpMyAdmin"). ORIGINAL ADVISORY: FEDORA-2011-12918: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066335.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 19:07:13 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 04:07:13 +0200 Subject: [SEC] [SA46089] Ayco Shop Multiple SQL Injection Vulnerabilities Message-ID: <201109290207.p8T27Di3030208@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ayco Shop Multiple SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA46089 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46089/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46089 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46089/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46089/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46089 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Ayco Shop, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "id" parameter to urundetay.asp, default.asp, and linkler.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 1.0. Other versions may also be affected. SOLUTION: Filter malicious characters and character sequences using a proxy. PROVIDED AND/OR DISCOVERED BY: m3rciL3Ss OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 19:32:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 04:32:49 +0200 Subject: [SEC] [SA46168] Microsoft Windows SSL/TLS Initialization Vector Selection Weakness Message-ID: <201109290232.p8T2WnPN020652@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Microsoft Windows SSL/TLS Initialization Vector Selection Weakness SECUNIA ADVISORY ID: SA46168 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46168/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46168 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46168/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46168/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46168 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A weakness has been reported in Microsoft Windows, which can be exploited by malicious people to disclose potentially sensitive information and hijack a user's session. The weakness is caused due to a design error in the Secure Sockets Layer 3.0 (SSL) and Transport Layer Security 1.0 (TLS) protocols when selecting a Initialization Vector (IV) used with symmetric cipher suites in CBC mode (e.g. AES). This can be exploited to conduct a chosen-plaintext attack which would allow the decryption of e.g HTTPS sessions via a Man-in-the-Middle (MitM) attack. SOLUTION: As a workaround enable TLS 1.1 or 1.2 (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by Thai Duong and Juliano Rizzo. ORIGINAL ADVISORY: Microsoft (KB2588513): http://technet.microsoft.com/en-us/security/advisory/2588513 Thai Duong: http://vnhacker.blogspot.com/2011/09/beast.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 20:03:00 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 05:03:00 +0200 Subject: [SEC] [SA46205] Mozilla Thunderbird Multiple Vulnerabilities Message-ID: <201109290303.p8T330TV011341@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Mozilla Thunderbird Multiple Vulnerabilities SECUNIA ADVISORY ID: SA46205 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46205/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46205 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46205/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46205/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46205 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to compromise a user's system. For more information: SA46171 SOLUTION: Upgrade to version 7.0. ORIGINAL ADVISORY: http://www.mozilla.org/security/announce/2011/mfsa2011-36.html http://www.mozilla.org/security/announce/2011/mfsa2011-38.html http://www.mozilla.org/security/announce/2011/mfsa2011-39.html http://www.mozilla.org/security/announce/2011/mfsa2011-40.html http://www.mozilla.org/security/announce/2011/mfsa2011-42.html http://www.mozilla.org/security/announce/2011/mfsa2011-44.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 20:29:54 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 05:29:54 +0200 Subject: [SEC] [SA46178] WordPress Multisite Global Search Plugin "mssearch" Cross-Site Scripting Vulnerability Message-ID: <201109290329.p8T3TsJM001814@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: WordPress Multisite Global Search Plugin "mssearch" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46178 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46178/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46178 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46178/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46178/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46178 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been discovered in the Multisite Global Search plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "mssearch" parameter to the URL is not properly sanitised in wp-content/plugins/multisite-global-search/inc/shortcodes.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 1.2.5. Prior versions may also be affected. SOLUTION: Update to version 1.2.6. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Multisite Global Search: http://wordpress.org/extend/plugins/multisite-global-search/changelog/ http://plugins.trac.wordpress.org/changeset/443443/multisite-global-search/trunk/inc/shortcodes.php?old=362733&old_path=multisite-global-search%2Ftrunk%2Finc%2Fshortcodes.php OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 20:50:21 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 05:50:21 +0200 Subject: [SEC] [SA46166] Serendipity Freetag Plugin "serendipity[tagview]" Cross-Site Scripting Vulnerability Message-ID: <201109290350.p8T3oLWN024458@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Serendipity Freetag Plugin "serendipity[tagview]" Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46166 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46166/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46166 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46166/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46166/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46166 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Stefan Schurtz has discovered a vulnerability in the Freetag plugin for Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the "serendipity[tagview]" parameter to serendipity_admin (when "serendipity[adminModule]" is set to "event_display" and "serendipity[adminAction]" is set to "managetags") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is confirmed in version 3.29. Other versions may also be affected. SOLUTION: Update to version 3.32 or later. PROVIDED AND/OR DISCOVERED BY: Stefan Schurtz ORIGINAL ADVISORY: SSCHADV2011-016: http://www.rul3z.de/advisories/SSCHADV2011-016.txt Freetag Plugin Changelog: http://php-blog.cvs.sourceforge.net/viewvc/php-blog/additional_plugins/serendipity_event_freetag/ChangeLog OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 21:16:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 06:16:14 +0200 Subject: [SEC] [SA46177] Flynax Classifieds Products "f[city]" SQL Injection Vulnerability Message-ID: <201109290416.p8T4GE8B014935@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Flynax Classifieds Products "f[city]" SQL Injection Vulnerability SECUNIA ADVISORY ID: SA46177 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46177/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46177 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46177/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46177/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46177 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Flynax Classifieds products, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the "f[city]" parameter to dealers.html is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerability is reported in version 3.2. Prior versions may also be affected. SOLUTION: The vendor recommends editing the source code. Please see the vendor's advisory for more information. PROVIDED AND/OR DISCOVERED BY: Nasel Penetration Testing Team ORIGINAL ADVISORY: Flynax: http://www.flynax.com/support/forum/viewtopic.php?f=19&t=297&sid=a0df8237d29d6882b58127912933d343 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 21:51:14 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 06:51:14 +0200 Subject: [SEC] [SA43513] Novell GroupWise Multiple Vulnerabilities Message-ID: <201109290451.p8T4pEnt005851@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Novell GroupWise Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43513 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43513/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43513 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/43513/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43513/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43513 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious users to conduct script insertion attacks, cause a DoS (Denial of Service), or potentially compromise a vulnerable system and by malicious people to compromise a vulnerable system. 1) An integer truncation error exists in NgwiCalVTimeZoneBody::ParseSelf() within gwwww1.dll when GroupWise Internet Agent parses the "TZNAME" variable in VCALENDAR data. This can be exploited to cause a heap-based buffer overflow via a specially crafted e-mail containing an overly long "TZNAME" property value. Successful exploitation of this vulnerability may allow execution of arbitrary code. 2) A boundary error in GroupWise Internet Agent (gwia.exe) when handling requests for certain .css resources can be exploited to cause a limited stack-based buffer overflow via a specially crafted, overly long request to the HTTP interface (port 9850/TCP). Successful exploitation of this vulnerability requires valid credentials to the service. 3) Input passed via the "Directory.Item.name" parameter when adding an organization to the address book, via the "Directory.Item.displayName" parameter when adding a new contact to the address book, and via the "Directory.Item.name" when adding a new resource to the address book is not properly sanitised in the WebAccess component before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed. 4) An unspecified error in GroupWise Internet Agent can be exploited to crash the service via specially crafted data. 5) An unspecified error in GroupWise Internet Agent when parsing weekday calendar recurrence (RRULE) variables in VCALENDAR messages may allow execution of arbitrary code. 6) An unspecified error in GroupWise Internet Agent when parsing weekly calendar recurrence (RRULE) variables in VCALENDAR messages may allow execution of arbitrary code. 7) An unspecified error in GroupWise Internet Agent when parsing certain yearly calendar recurrence (RRULE) variables in VCALENDAR messages may allow execution of arbitrary code. 8) The software bundles a vulnerable version of Oracle "Outside In" technology for viewing of various file attachments. For more information: SA44295 SA45297 The vulnerabilities are reported in version 8.0.2 HP2. Prior versions may also be affected. SOLUTION: Update to version 8.02 Hot Patch 3 or later. PROVIDED AND/OR DISCOVERED BY: 1) Independently discovered by Carsten Eiram, Secunia Research and an anonymous person via iDefense. 2) Carsten Eiram, Secunia Research. 3) Joshua Tiago, Cirosec via Secunia. The vendor also credits: 4) James Ogden, Salford Software. 5) An anonymous person via ZDI and an anonymous person via iDefense. 6, 7) An anonymous person via iDefense. ORIGINAL ADVISORY: Secunia Research: http://secunia.com/secunia_research/2011-66/ http://secunia.com/secunia_research/2011-67/ Novell: http://www.novell.com/support/viewContent.do?externalId=7009208 http://www.novell.com/support/viewContent.do?externalId=7009210 http://www.novell.com/support/viewContent.do?externalId=7009214 http://www.novell.com/support/viewContent.do?externalId=7006378 http://www.novell.com/support/viewContent.do?externalId=7009212 http://www.novell.com/support/viewContent.do?externalId=7009215 http://www.novell.com/support/viewContent.do?externalId=7009216 http://www.novell.com/support/viewContent.do?externalId=7009207 http://www.novell.com/support/viewContent.do?externalId=7009213 iDefense: https://labs.idefense.com/verisign/intelligence/2009/vulnerabilities/display.php?id=943 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Wed Sep 28 22:17:50 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 07:17:50 +0200 Subject: [SEC] [SA46139] Quagga Multiple Denial of Service Vulnerabilities Message-ID: <201109290517.p8T5HoOc028776@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Quagga Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46139 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46139/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46139 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46139/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46139/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46139 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Quagga, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in ospf6d when handling the length of IPv6 prefix structures within Link State Update messages can be exploited to crash the daemon and disrupt IPv6 routing. 2) An assertion error in ospf6d when processing Database Description messages can be exploited to terminate the daemon and disrupt IPv6 routing. 3) An error in ospfd when processing Hello messages can be exploited to crash the daemon and disrupt IPv4 routing. 4) An error in ospfd when processing Link State Advertisement (LSA) types within Link State Update messages can be exploited to crash the daemon and disrupt IPv4 routing. 5) An error in bgpd when handling AS_PATH attributes within UPDATE messages can be exploited to cause a heap-based buffer overflow resulting in a crash of the daemon and disruption of IPv4 routing. The vulnerabilities are reported in versions prior to 0.99.19. SOLUTION: Update to version 0.99.19. PROVIDED AND/OR DISCOVERED BY: Riku Hietam?ki, Tuomo Untinen, and Jukka Taimisto, Codenomicon CROSS project via CERT-FI. ORIGINAL ADVISORY: Quagga: http://www.quagga.net/download/quagga-0.99.19.changelog.txt CERT-FI: https://www.cert.fi/en/reports/2011/vulnerability539178.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 10:39:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 19:39:11 +0200 Subject: [SEC] [SA46165] Cisco IOS Smart Install Unspecified Code Execution Vulnerability Message-ID: <201109291739.p8THdBYZ023264@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS Smart Install Unspecified Code Execution Vulnerability SECUNIA ADVISORY ID: SA46165 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46165/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46165 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46165/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46165/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46165 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to compromise a vulnerable device. The vulnerability is caused due to an unspecified error in the Smart Install feature and can be exploited via specially crafted packets sent to TCP port 4786. Successful exploitation may allow execution of arbitrary code. NOTE: The vulnerability affects Cisco Catalyst Switches and Cisco Integrated Services Routers only. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits Greg Jones, Digital Assurance. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 11:51:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 20:51:17 +0200 Subject: [SEC] [SA46194] Red Hat update for seamonkey Message-ID: <201109291851.p8TIpHYm028229@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Red Hat update for seamonkey SECUNIA ADVISORY ID: SA46194 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46194/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46194 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46194/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46194/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46194 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for seamonkey. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA46192 SA46203 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1344-1: https://rhn.redhat.com/errata/RHSA-2011-1344.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 12:57:39 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 21:57:39 +0200 Subject: [SEC] [SA46190] Red Hat update for thunderbird Message-ID: <201109291957.p8TJvdm3032061@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA46190 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46190/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46190 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46190/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46190/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46190 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA46192 SA46205 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1342-01: https://rhn.redhat.com/errata/RHSA-2011-1342.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 13:38:17 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 22:38:17 +0200 Subject: [SEC] [SA46184] Red Hat update for thunderbird Message-ID: <201109292038.p8TKcHHY027800@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Red Hat update for thunderbird SECUNIA ADVISORY ID: SA46184 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46184/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46184 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46184/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46184/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46184 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Red Hat has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA46192 SA46205 SOLUTION: Updated packages are available via Red Hat Network. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: RHSA-2011:1343-1: https://rhn.redhat.com/errata/RHSA-2011-1343.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 14:31:06 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 23:31:06 +0200 Subject: [SEC] [SA46234] Cisco IOS SIP Packet Processing Multiple Denial of Service Vulnerabilities Message-ID: <201109292131.p8TLV6pA019640@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS SIP Packet Processing Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46234 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46234/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46234 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46234/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46234/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46234 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46197 Please see the vendor's advisory for a list of affected versions. SOLUTION: Upgrade to version 3.1.3S or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 14:51:02 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Thu, 29 Sep 2011 23:51:02 +0200 Subject: [SEC] [SA46197] Cisco IOS SIP Packet Processing Multiple Denial of Service Vulnerabilities Message-ID: <201109292151.p8TLp2ja009817@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS SIP Packet Processing Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46197 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46197/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46197 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46197/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46197/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46197 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An unspecified error when processing certain Session Initiation Protocol (SIP) packets can be exploited to reload a device. 2) A memory leak error when processing certain Session Initiation Protocol (SIP) packets can be exploited to reload a device. 3) A memory leak error can be exploited to disrupt voice services. For more information: SA46226 Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-sip.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 15:16:12 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 00:16:12 +0200 Subject: [SEC] [SA46225] Cisco IOS Network Address Translation Multiple Denial of Service Vulnerabilities Message-ID: <201109292216.p8TMGCxk032666@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS Network Address Translation Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46225 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46225/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46225 RELEASE DATE: 2011-09-29 DISCUSS ADVISORY: http://secunia.com/advisories/46225/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46225/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46225 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46179 The vulnerabilities are reported in version 3.1.xSG. SOLUTION: Upgrade to version 3.2.0SG or later. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 15:51:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 00:51:36 +0200 Subject: [SEC] [SA46179] Cisco IOS Network Address Translation Multiple Denial of Service Vulnerabilities Message-ID: <201109292251.p8TMpain023630@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS Network Address Translation Multiple Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46179 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46179/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46179 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46179/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46179/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46179 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the NAT translation of NetMeeting Directory (LDAP) packets can be exploited to cause a device to reload via specially crafted packets sent to TCP port 389. 2) An error in the NAT translation of SIP packets over TCP can be exploited to cause a device to reload via specially crafted packets sent to TCP port 5060 3) An error in the NAT translation of SIP packets over UDP can be exploited to cause a device to reload via specially crafted packets sent to UPD port 5060 Successful exploitation of this vulnerability requires a MPLS enabled device. 4) An error in the NAT translation of SIP packets over UDP can be exploited to cause a device to reload via specially crafted packets sent to UPD port 5060 5) A memory leak error in the NAT translation of SIP packets over UDP can be exploited to exhaust memory via specially crafted packets sent to UDP port 5060. 6) An error in the NAT translation of H.323 packets can be exploited to cause a device to reload via specially crafted packets sent to TCP port 1720. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 16:16:36 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 01:16:36 +0200 Subject: [SEC] [SA46096] RPM Package Manager Region Offset Parsing Vulnerabilities Message-ID: <201109292316.p8TNGa7W014068@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: RPM Package Manager Region Offset Parsing Vulnerabilities SECUNIA ADVISORY ID: SA46096 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46096/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46096 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46096/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46096/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46096 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been reported in RPM Package Manager, which can be exploited by malicious people to compromise a user's system. 1) A boundary error within the "headerLoad()" function (lib/header.c) when parsing region offsets can be exploited to cause a buffer overflow by tricking a user into e.g. checking signatures of a specially crafted RPM package. 2) An error within the "regionSwab()" function (lib/header.c) when parsing region offsets can be exploited to corrupt memory by tricking a user into e.g. checking signatures of a specially crafted RPM package. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 4.9.1.2. SOLUTION: Update to version 4.9.1.2. PROVIDED AND/OR DISCOVERED BY: Tavis Ormandy in a Red Hat bug. ORIGINAL ADVISORY: RPM Package Manager: http://rpm.org/wiki/Releases/4.9.1.2#Security http://rpm.org/gitweb?p=rpm.git;a=commit;h=11a7e5d95a8ca8c7d4eaff179094afd8bb74fc3f http://rpm.org/gitweb?p=rpm.git;a=commit;h=a48f0e20cbe2ababc88b2fc52fb7a281d6fc1656 Tavis Ormandy: https://bugzilla.redhat.com/show_bug.cgi?id=741606 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 16:50:41 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 01:50:41 +0200 Subject: [SEC] [SA46232] Cisco Jabber Extensible Communications Platform Denial of Service Vulnerability Message-ID: <201109292350.p8TNofmG004956@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco Jabber Extensible Communications Platform Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46232 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46232/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46232 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46232/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46232/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46232 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Jabber Extensible Communications Platform (Jabber XCP), which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46185 SOLUTION: Upgrade to versions 5.4.0.27581 or 5.8.1.27561. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-xcpcupsxml.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 17:18:32 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 02:18:32 +0200 Subject: [SEC] [SA46198] Cisco IOS IPS and Zone-Based Firewall Two Denial of Service Vulnerabilities Message-ID: <201109300018.p8U0IWB2027942@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco IOS IPS and Zone-Based Firewall Two Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA46198 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46198/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46198 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46198/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46198/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46198 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) A memory leak error during a high rate of new session creation flows can be exploited to exhaust memory. 2) An unspecified error when processing HTTP packets can be exploited to cause the device to hang or crash. Please see the vendor's advisory for a list of affected versions. SOLUTION: Update to a fixed version (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 17:50:51 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 02:50:51 +0200 Subject: [SEC] [SA46233] Cisco Unified Presence Nested XML Entities Denial of Service Message-ID: <201109300050.p8U0op05018754@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco Unified Presence Nested XML Entities Denial of Service SECUNIA ADVISORY ID: SA46233 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46233/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46233 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46233/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46233/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46233 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified Presence, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain XML requests, which can be exploited to e.g. cause a high CPU and memory resource consumption and crashes via heavily nested XML entities. The vulnerability is reported in versions prior to 8.5(4). SOLUTION: Update to version 8.5(4). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-xcpcupsxml.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 18:16:33 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 03:16:33 +0200 Subject: [SEC] [SA46196] Ubuntu update for thunderbird Message-ID: <201109300116.p8U1GX27009214@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Ubuntu update for thunderbird SECUNIA ADVISORY ID: SA46196 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46196/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46196 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46196/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46196/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46196 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Ubuntu has issued an update for thunderbird. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. For more information: SA46205 SOLUTION: Apply updated packages. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ORIGINAL ADVISORY: USN-1213-1: http://www.ubuntu.com/usn/usn-1213-1/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 18:50:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 03:50:49 +0200 Subject: [SEC] [SA46185] Cisco Jabber Extensible Communications Platform Denial of Service Vulnerability Message-ID: <201109300150.p8U1onOF032526@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco Jabber Extensible Communications Platform Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46185 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46185/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46185 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46185/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46185/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46185 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Jabber Extensible Communications Platform (Jabber XCP), which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error when handling certain XML requests, which can be exploited to e.g. cause a high CPU and memory resource consumption and crashes via heavily nested XML entities. This may be related to: SA44787 SOLUTION: Update to versions 5.4.0.27581 or 5.8.1.27561. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-xcpcupsxml.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 19:22:04 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 04:22:04 +0200 Subject: [SEC] [SA46230] Cisco Unified Communications Manager SIP Message Processing Denial of Service Vulnerability Message-ID: <201109300222.p8U2M4It023739@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Cisco Unified Communications Manager SIP Message Processing Denial of Service Vulnerability SECUNIA ADVISORY ID: SA46230 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46230/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46230 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46230/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46230/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46230 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA46226 SOLUTION: Upgrade to version 8.6(1), 8.5(1)su2, or 7.1(5b)su4. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.cisco.com/warp/public/707/cisco-sa-20110928-cucm.shtml OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 19:49:49 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 04:49:49 +0200 Subject: [SEC] [SA46212] TYPO3 T3BLOG Extension Comment Parent Title Cross-Site Scripting Vulnerability Message-ID: <201109300249.p8U2nndd014322@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: TYPO3 T3BLOG Extension Comment Parent Title Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA46212 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46212/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46212 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46212/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46212/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46212 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in the T3BLOG extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain input related to the title of the parent comment when posting comments to comments is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerability is reported in versions prior to 1.1.2. SOLUTION: Update to version 1.1.2. PROVIDED AND/OR DISCOVERED BY: The vendor credits Georg Ringer. ORIGINAL ADVISORY: TYPO3-EXT-SA-2011-011: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2011-013/ OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ---------------------------------------------------------------------- From sec-adv at secunia.com Thu Sep 29 20:14:11 2011 From: sec-adv at secunia.com (Secunia Security Advisories) Date: Fri, 30 Sep 2011 05:14:11 +0200 Subject: [SEC] [SA46220] Fedora update for Django Message-ID: <201109300314.p8U3EBQU004706@CRON-IX-2.intnet> ---------------------------------------------------------------------- The new Secunia Corporate Software Inspector (CSI) 5.0 Integrates with Microsoft WSUS & SCCM and supports Apple Mac OS X. Get a free trial now and qualify for a special discount: http://secunia.com/vulnerability_scanning/corporate/trial/ ---------------------------------------------------------------------- TITLE: Fedora update for Django SECUNIA ADVISORY ID: SA46220 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46220/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46220 RELEASE DATE: 2011-09-30 DISCUSS ADVISORY: http://secunia.com/advisories/46220/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46220/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46220 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Fedora has issued an update for Django. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain system information, manipulate certain data, conduct cache poisoning attacks, and cause a DoS (Denial of Service). For more information: SA45939 SOLUTION: Apply updated packages via the yum utility ("yum update Django"). ORIGINAL ADVISORY: FEDORA-2011-12481: http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066389.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=caos-secbox%40lists.infiscale.org ----------------------------------------------------------------------