Category: news | Posted by Staff, 299 days ago | Via: http://lists.jammed.com
========================================================================
The Secunia Weekly Advisory Summary
2008-03-06 - 2008-03-13
This week: 73 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia invites you to join us in the biggest IT Expo event of the year
- the RSA Conference in the Moscone Center, San Francisco, California
from 7 to 11 April 2008. If you are interested in going to the expo
exhibit and meeting us, please contact your Secunia Account Executive
for a FREE EXPO PASS!
========================================================================
2) This Week in Brief:
A highly critical vulnerability has been discovered in RealPlayer,
which can be exploited by malicious people to compromise a user's
system.
The vulnerability is caused due to an error within the RealPlayer
ActiveX Control (rmoc3260.dll) when handling the "Console" property.
This can be exploited to cause a memory corruption and execute
arbitrary code when, for example, a user is tricked into visiting a
malicious website.
The vulnerability is confirmed in RealPlayer version 11.0.1 (build
6.0.14.794) including rmoc3260.dll version 6.0.10.45. Other versions
may also be affected. The vulnerability is currently unpatched, so
users are advised to set the kill-bit for the affected ActiveX control.
For more information, refer to: http://secunia.com/advisories/29315/
--
Microsoft has released several Security Bulletins covering various
vulnerabilities. The fixed issues include a highly critical
vulnerability in Microsoft Outlook, two highly critical issues in
Microsoft Office, two highly critical issues in Microsoft Office Web
Components, and seven vulnerabilities in Microsoft Excel, including an
extremely critical in-the-wild exploit circulating since January 2008.
For more information, refer to the following:
http://secunia.com/advisories/29320/
http://secunia.com/advisories/29321/
http://secunia.com/advisories/29328/
http://secunia.com/advisories/28506/
To find out if your home computer is vulnerable to any of these
security problems, scan using the free Personal Software Inspector.
Check if a vulnerable version is installed on computers in your
corporate network, using the Network Software Inspector.
Download the Secunia PSI:
https://psi.secunia.com/
--
Some vulnerabilities have been reported in MailEnable, which can be
exploited by malicious people and malicious users to cause a DoS
(Denial of Service) or by malicious users to compromise a vulnerable
system.
Some of the vulnerabilities are caused due to boundary errors within
the SMTP service (MESMTPC.exe) when handling EXPN or VRFY commands.
These can be exploited to cause the service to crash via a specially
crafted EXPN or VRFY command.
The vendor has issued a hotfix for the issues. For more information,
including the solution, refer to:
http://secunia.com/advisories/29300/
Some boundary errors in the IMAP service (MEIMAPS.EXE) when handling
arguments passed to the FETCH, EXAMINE, and UNSUBSCRIBE commands can be
exploited to cause buffer overflows via overly long arguments.
Successful exploitation allows execution of arbitrary code.
In addition, errors in the IMAP service when handling the SEARCH and
APPEND commands can be exploited to cause the service to crash.
These vulnerabilities are confirmed in MailEnable Professional version
3.13. Other versions may also be affected. No solution is currently
available.
For more information, refer to:
http://secunia.com/advisories/29277/
--
VIRUS ALERTS:
During the past week Secunia collected 95 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA29239] Sun Java JDK / JRE Multiple Vulnerabilities
2. [SA29315] RealPlayer ActiveX Control "Console" Property Memory
Corruption
3. [SA29228] SynCE vdccm Denial of Service and Command Injection
4. [SA29227] WebCT Mail/Discussion Board Message Script Insertion
5. [SA29285] Fedora update for vdccm
6. [SA29238] FreeBSD ppp Buffer Overflow Vulnerability
7. [SA29269] Fedora update for kronolith
8. [SA29240] user-ppp "command_Expand_Interpret()" Buffer Overflow
Vulnerability
9. [SA29255] BosDates Cross-Site Scripting Vulnerabilities
10. [SA29273] Red Hat update for java-1.5.0-sun
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA29351] Cisco User-Changeable Password Multiple Vulnerabilities
[SA29330] Adobe Form Designer/Form Client Buffer Overflow
Vulnerabilities
[SA29328] Microsoft Office Web Components Two Vulnerabilities
[SA29321] Microsoft Office Two Code Execution Vulnerabilities
[SA29320] Microsoft Outlook "mailto:" URI Handling Vulnerability
[SA29315] RealPlayer ActiveX Control "Console" Property Memory
Corruption
[SA29326] StoreFront "CategoryId" SQL Injection Vulnerability
[SA29300] MailEnable SMTP Service EXPN/VRFY Denial of Service
Vulnerabilities
[SA29337] McAfee ePolicy Orchestrator Framework Service Format String
Vulnerability
[SA29346] Internet Explorer FTP Command Injection Vulnerability
[SA29331] Adobe LiveCycle Workflow Web Management Login Cross-Site
Scripting Vulnerability
[SA29308] PacketTrap pt360 TFTP Filename Handling Denial of Service
[SA29306] Acronis True Image Echo Group Server and Windows Agent Denial
of Service
[SA29305] Acronis Snap Deploy PXE Server TFTP Vulnerabilities
[SA29302] Argon Client Management Services TFTP Server Directory
Traversal
[SA29296] RemotelyAnywhere Web Interface Multiple Vulnerabilities
[SA29319] Symantec Altiris Deployment Solution Server Agent Privilege
Escalation
[SA29311] Panda Products cpoint.sys Privilege Escalation
Vulnerabilities
UNIX/Linux:
[SA29340] Red Hat update for java-1.4.2-bea
[SA29329] Mapbender SQL and PHP Code Injection
[SA29314] Gentoo update for ghostscript
[SA29309] Gentoo update for sarg
[SA29307] Gentoo update for mplayer
[SA29375] Fedora update for roundup
[SA29374] Fedora update for horde
[SA29371] UnixWare update for openssh
[SA29364] rPath update for dovecot
[SA29358] XOOPS Tutorials Module "tid" SQL Injection
[SA29357] Fedora update for ruby
[SA29336] Roundup Multiple Vulnerabilities
[SA29333] Gentoo update for icu
[SA29299] QuickTicket "id" SQL Injection Vulnerability
[SA29295] Dovecot Authentication Bypass Vulnerability
[SA29291] Sun Solaris ICU Regular Expressions Vulnerabilities
[SA29288] QuickTalk forum "id" SQL Injection Vulnerability
[SA29341] HP-UX HP CIFS Server Multiple Vulnerabilities
[SA29285] Fedora update for vdccm
[SA29354] Debian update for libnet-dns-perl
[SA29348] Gentoo update for apache
[SA29327] Sun Java Server Faces Input Handling Cross-Site Scripting
[SA29318] rPath update for lighttpd
[SA29313] Red Hat update for tomcat
[SA29304] Gentoo update for pdflib
[SA29303] Ubuntu update for python
[SA29290] Sun Java Web Console Information Disclosure Security Issue
[SA29287] Gentoo update for phpmyadmin
[SA29370] UnixWare "pkgadd" Directory Traversal Vulnerability
[SA29360] IBM WebSphere MQ for HP NonStop Missing Authentication
[SA29350] Red Hat Directory Server Insecure Directory Permissions
[SA29349] IBM AIX Multiple Vulnerabilities
[SA29347] IBM AIX "reboot" Buffer Overflow Vulnerability
[SA29301] AIX "man" Insecure Program Execution Vulnerability
[SA29368] Sun Solaris JDS XscreenSaver Authentication Bypass
[SA29352] Sun Solaris 10 Inter-Process Communication Denial of Service
Other:
Cross Platform:
[SA29316] Motorola Timbuktu Pro Denial of Service and Directory
Traversal Vulnerabilities
[SA29312] MaxDB Multiple Vulnerabilities
[SA29373] EasyCalendar SQL Injection and Cross-Site Scripting
[SA29372] EasyGallery SQL Injection and Cross-Site Scripting
[SA29362] eXV2 bamaGalerie "cid" SQL Injection Vulnerability
[SA29359] eXV2 Bama Galerie Module "cid" SQL Injection
[SA29339] Fully Modded phpBB "k" SQL Injection Vulnerability
[SA29338] Bloo Multiple SQL Injection Vulnerabilities
[SA29335] IBM WebSphere Application Server Multiple Vulnerabilities
[SA29322] PHP-Nuke Hadith Module "cat" SQL Injection
[SA29297] BM Classifieds Two SQL Injection Vulnerabilities
[SA29292] Joomla! eWriting Component "cat" SQL Injection
[SA29286] Horde "theme" Local File Inclusion Vulnerability
[SA29289] ASG-Sentry Network Manager Multiple Vulnerabilities
[SA29355] Polymita BPM-Suite / CollagePortal Cross-Site Scripting
Vulnerabilities
[SA29343] Perl Net::DNS Module DNS Response Denial of Service
[SA29332] Adobe ColdFusion Multiple Vulnerabilities
[SA29310] ManageEngine ServiceDesk Plus Cross-Site Scripting
Vulnerability
[SA29298] Savvy Content Manager "searchterms" Cross-Site Scripting
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA29351] Cisco User-Changeable Password Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2008-03-13
Some vulnerabilities have been reported in Cisco User-Changeable
Password (UCP), which can be exploited by malicious people to conduct
cross-site scripting attacks or potentially to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29351/
--
[SA29330] Adobe Form Designer/Form Client Buffer Overflow
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-12
Some vulnerabilities have been reported in Adobe Form Designer and Form
Client, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29330/
--
[SA29328] Microsoft Office Web Components Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-11
Two vulnerabilities have been reported in Microsoft Office Web
Components, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/29328/
--
[SA29321] Microsoft Office Two Code Execution Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-11
Two vulnerabilities have been reported in Microsoft Office, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29321/
--
[SA29320] Microsoft Outlook "mailto:" URI Handling Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-11
A vulnerability has been reported in Microsoft Outlook, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29320/
--
[SA29315] RealPlayer ActiveX Control "Console" Property Memory
Corruption
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-11
Elazar Broad has discovered a vulnerability in RealPlayer, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29315/
--
[SA29326] StoreFront "CategoryId" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-13
Nick Merritt has reported a vulnerability in StoreFront, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29326/
--
[SA29300] MailEnable SMTP Service EXPN/VRFY Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-03-10
Some vulnerabilities have been reported in MailEnable, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29300/
--
[SA29337] McAfee ePolicy Orchestrator Framework Service Format String
Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-03-13
Luigi Auriemma has discovered a vulnerability in McAfee ePolicy
Orchestrator, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29337/
--
[SA29346] Internet Explorer FTP Command Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-12
Derek Abdine has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to conduct FTP command injection
attacks.
Full Advisory:
http://secunia.com/advisories/29346/
--
[SA29331] Adobe LiveCycle Workflow Web Management Login Cross-Site
Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-03-12
Dave Lewis has reported a vulnerability in Adobe LiveCycle Workflow,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/29331/
--
[SA29308] PacketTrap pt360 TFTP Filename Handling Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-03-10
Luigi Auriemma has reported a vulnerability in PacketTrap pt360 TFTP
server, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/29308/
--
[SA29306] Acronis True Image Echo Group Server and Windows Agent Denial
of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-03-10
Luigi Auriemma has reported some vulnerabilities in Acronis True Image
Echo, which can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/29306/
--
[SA29305] Acronis Snap Deploy PXE Server TFTP Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, DoS
Released: 2008-03-10
Luigi Auriemma has reported some vulnerabilities in Acronis Snap
Deploy, which can be exploited by malicious people to disclose
sensitive information or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29305/
--
[SA29302] Argon Client Management Services TFTP Server Directory
Traversal
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-03-10
Luigi Auriemma has discovered a vulnerability in Argon Client
Management Services, which can be exploited by malicious people to
disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/29302/
--
[SA29296] RemotelyAnywhere Web Interface Multiple Vulnerabilities
Critical: Less critical
Where: From local network
Impact: Cross Site Scripting, DoS
Released: 2008-03-10
Luigi Auriemma and Patrick have reported some vulnerabilities in
RemotelyAnywhere, which can be exploited by malicious people to conduct
cross-site scripting attacks or to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29296/
--
[SA29319] Symantec Altiris Deployment Solution Server Agent Privilege
Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-03-11
A vulnerability has been reported in Symantec Altiris Deployment
Solution, which can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/29319/
--
[SA29311] Panda Products cpoint.sys Privilege Escalation
Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-03-10
Tobias Klein has reported some vulnerabilities in Panda products, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/29311/
UNIX/Linux:--
[SA29340] Red Hat update for java-1.4.2-bea
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released: 2008-03-12
Red Hat has issued an update for java-1.4.2-bea. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose potentially sensitive/system
information, cause a DoS (Denial of Service), manipulate data, or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29340/
--
[SA29329] Mapbender SQL and PHP Code Injection
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2008-03-13
RedTeam Pentesting has reported some vulnerabilities in Mapbender,
which can be exploited by malicious people to conduct SQL injection
attacks or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29329/
--
[SA29314] Gentoo update for ghostscript
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-10
Gentoo has issued an update for ghostscript-esp, ghostscript-gpl, and
ghostscript-gnu. This fixes a vulnerability, which can be exploited by
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29314/
--
[SA29309] Gentoo update for sarg
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2008-03-13
Gentoo has issued an update for sarg. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct script insertion
attacks or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29309/
--
[SA29307] Gentoo update for mplayer
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-11
Gentoo has issued an update for mplayer. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29307/
--
[SA29375] Fedora update for roundup
Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass
Released: 2008-03-13
Fedora has issued an update for roundup. This fixes some
vulnerabilities with unknown impacts, and a security issue, which can
be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29375/
--
[SA29374] Fedora update for horde
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-03-13
Fedora has issued an update for horde. This fixes a vulnerability,
which can be exploited by malicious users to disclose sensitive
information and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29374/
--
[SA29371] UnixWare update for openssh
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-03-13
SCO has issued an update for openssh. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/29371/
--
[SA29364] rPath update for dovecot
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-03-13
rPath has issued an update for dovecot. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29364/
--
[SA29358] XOOPS Tutorials Module "tid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-03-13
S@BUN has discovered a vulnerability in the Tutorials module for XOOPS,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/29358/
--
[SA29357] Fedora update for ruby
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-03-13
Fedora has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/29357/
--
[SA29336] Roundup Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass
Released: 2008-03-13
Multiple vulnerabilities and a security issue have been reported in
Roundup, some of which have unknown impacts, while others can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29336/
--
[SA29333] Gentoo update for icu
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-03-12
Gentoo has issued an update for icu. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/29333/
--
[SA29299] QuickTicket "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-03-10
croconile has discovered a vulnerability in QuickTicket, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29299/
--
[SA29295] Dovecot Authentication Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-03-10
A vulnerability has been reported in Dovecot, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29295/
--
[SA29291] Sun Solaris ICU Regular Expressions Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-03-10
Sun has acknowledged some vulnerabilities in Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the ICU library.
Full Advisory:
http://secunia.com/advisories/29291/
--
[SA29288] QuickTalk forum "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-12
t0pP8uZz & xprog have discovered a vulnerability in QuickTalk forum,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/29288/
--
[SA29341] HP-UX HP CIFS Server Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-03-12
HP has acknowledged some vulnerabilities in HP-UX, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29341/
--
[SA29285] Fedora update for vdccm
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-03-07
Fedora has issued an update for vdccm. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29285/
--
[SA29354] Debian update for libnet-dns-perl
Critical: Less critical
Where: From remote
Impact: Spoofing, DoS
Released: 2008-03-12
Debian has issued an update for libnet-dns-perl. This fixes some
vulnerabilities, which can be exploited by malicious people to poison
the DNS cache or to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29354/
--
[SA29348] Gentoo update for apache
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, DoS
Released: 2008-03-12
Gentoo has issued an update for apache. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and by malicious users to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/29348/
--
[SA29327] Sun Java Server Faces Input Handling Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-03-11
Sun has acknowledged a vulnerability in Java Server Faces, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/29327/
--
[SA29318] rPath update for lighttpd
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-03-13
rPath has issued an update for lighttpd. This fixes some security
issues, which can be exploited by malicious people to disclose
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/29318/
--
[SA29313] Red Hat update for tomcat
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-03-11
Red Hat has issued an update for tomcat. This fixes a security issue
and a vulnerability, which can be exploited by malicious, local users
to bypass certain security restrictions and by malicious users to
disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/29313/
--
[SA29304] Gentoo update for pdflib
Critical: Less critical
Where: From remote
Impact: DoS, System access
Released: 2008-03-11
Gentoo has issued an update for pdflib. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/29304/
--
[SA29303] Ubuntu update for python
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-03-11
Ubuntu has issued an update for python. This fixes two security issues,
which can be exploited by malicious people to disclose potentially
sensitive information, to cause a DoS (Denial of Service), or to
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29303/
--
[SA29290] Sun Java Web Console Information Disclosure Security Issue
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-03-10
A security issue has been reported in Sun Java Web Console, which can
be exploited by malicious people to disclose certain information.
Full Advisory:
http://secunia.com/advisories/29290/
--
[SA29287] Gentoo update for phpmyadmin
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-10
Gentoo has issued an update for phpmyadmin. This fixes a vulnerability,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/29287/
--
[SA29370] UnixWare "pkgadd" Directory Traversal Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-03-13
A vulnerability has been reported in UnixWare, which can be exploited
by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/29370/
--
[SA29360] IBM WebSphere MQ for HP NonStop Missing Authentication
Critical: Less critical
Where: Local system
Impact: Security Bypass, Manipulation of data
Released: 2008-03-13
A security issue has been reported in IBM WebSphere MQ for HP NonStop,
which can be exploited by malicious, local users to bypass certain
security restrictions or manipulate certain data.
...