Category: news | Posted by Staff 292 days ago | Via: http://lists.jammed.com
========================================================================
The Secunia Weekly Advisory Summary
2008-03-13 - 2008-03-20
This week: 58 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia invites you to join us in the biggest IT Expo event of the year
- the RSA Conference in the Moscone Center, San Francisco, California
from 7 to 11 April 2008. If you are interested in going to the expo
exhibit and meeting us, please contact your Secunia Account Executive
for a FREE EXPO PASS!
========================================================================
2) This Week in Brief:
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
For more information, refer to:
http://secunia.com/advisories/29420/
--
Some vulnerabilities have been reported in Kerberos, which can be
exploited by malicious people to disclose potentially sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.
For more information, refer to:
http://secunia.com/advisories/29428/
--
Some vulnerabilities have been reported in WinRAR, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
For more information, refer to:
http://secunia.com/advisories/29407/
To find out if your home computer is vulnerable to these security
problems, scan using the free Personal Software Inspector. Check if a
vulnerable version is installed on computers in your corporate network,
using the Network Software Inspector.
Download the Secunia PSI:
https://psi.secunia.com/
--
VIRUS ALERTS:
During the past week Secunia collected 221 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA29337] McAfee ePolicy Orchestrator Framework Service Format
String Vulnerability
2. [SA29378] Invision Power Board Nested BBCodes Script Insertion
3. [SA29382] MDaemon IMAP Server "FETCH" Command Buffer Overflow
4. [SA29339] Fully Modded phpBB "k" SQL Injection Vulnerability
5. [SA29360] IBM WebSphere MQ for HP NonStop Missing Authentication
6. [SA29368] Sun Solaris JDS XscreenSaver Authentication Bypass
7. [SA29309] Gentoo update for sarg
8. [SA29375] Fedora update for roundup
9. [SA29372] EasyGallery SQL Injection and Cross-Site Scripting
10. [SA29329] Mapbender SQL and PHP Code Injection
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA29437] BusinessObjects "RptViewerAX" ActiveX Control Buffer Overflow
Vulnerability
[SA29408] CA BrightStor ARCserve Backup "ListCtrl" ActiveX Control
Buffer Overflow
[SA29407] WinRAR Multiple Unspecified Vulnerabilities
[SA29433] KAPhotoservice "albumid" SQL Injection Vulnerability
[SA29419] Home FTP Server Passive Mode Denial of Service
[SA29382] MDaemon IMAP Server "FETCH" Command Buffer Overflow
[SA29404] BootManage TFTP Server Buffer Overflow Vulnerability
UNIX/Linux:
[SA29451] Red Hat update for krb5
[SA29450] Red Hat update for krb5
[SA29444] Gentoo update for moinmoin
[SA29438] Ubuntu update for krb5
[SA29435] Debian update for krb5
[SA29428] Kerberos Multiple Vulnerabilities
[SA29426] Asterisk Multiple Vulnerabilities
[SA29424] SUSE update for krb5
[SA29423] Red Hat update for krb5
[SA29420] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA29393] Apple Safari Multiple Vulnerabilities
[SA29440] Red Hat update for unzip
[SA29432] Debian update for unzip
[SA29427] Mandriva update for unzip
[SA29415] UnZip "inflate_dynamic()" Uninitialized Pointers
Vulnerability
[SA29400] Debian update for horde3
[SA29396] Gentoo update for dovecot
[SA29385] Debian update for dovecot
[SA29379] Avaya CMS Solaris Firewall Security Bypass and Denial of
Service
[SA29448] SUSE update for cups
[SA29431] CUPS CGI Buffer Overflow Vulnerability
[SA29405] Debian update for smarty
[SA29403] Debian update for lighttpd
[SA29388] Ubuntu update for mailman
[SA29383] ZABBIX "vfs.file.cksum" Denial of Service Vulnerability
[SA29387] Red Hat update for kernel
[SA29442] HP StorageWorks Library and Tape Tools (LTT) on HP-UX
Security Bypass
[SA29425] Gentoo update for acroread
[SA29395] Debian update for ldapscripts
[SA29449] Asterisk Predictable HTTP Manager ID Weakness
[SA29418] Sun Solaris "rpc.metad" Denial of Service
Other:
[SA29394] CheckPoint VPN-1 IP Address Collision Security Issue
[SA29401] RaidSonic ICY BOX NAS-4220-B Insecure Storage of Encryption
Key
Cross Platform:
[SA29422] PHPauction GPL "include_path" File Inclusion Vulnerabilities
[SA29417] fuzzylime (cms) "admindir" File Inclusion Vulnerability
[SA29397] F-Secure Archives Handling Unspecified Vulnerabilities
[SA29430] Easy-Clanpage "id" SQL Injection Vulnerability
[SA29429] Joomla Acajoom PRO Component "mailingid" SQL Injection
[SA29421] MG-SOFT Net Inspector Multiple Vulnerabilities
[SA29411] phpBP "id" SQL Injection Vulnerability
[SA29398] Serendipity Security Bypass and Script Insertion
Vulnerabilities
[SA29390] eXV2 WebChat Module "roomid" SQL Injection
[SA29389] eXV2 Viso Module "kid" SQL Injection Vulnerability
[SA29384] eXV2 myannonces Module "lid" SQL Injection
[SA29441] ManageEngine SupportCenter Plus "searchText" Cross-Site
Scripting
[SA29416] Multiple Time Sheets "tab" Cross-Site Scripting
[SA29413] VMware Products Multiple Vulnerabilities
[SA29412] VMware Server Multiple Vulnerabilities
[SA29409] Novell GroupWise Windows Client API Security Bypass
[SA29380] eForum "busca.php" Cross-Site Scripting
[SA29378] Invision Power Board Nested BBCodes Script Insertion
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA29437] BusinessObjects "RptViewerAX" ActiveX Control Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-19
Will Dormann has reported a vulnerability in BusinessObjects, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29437/
--
[SA29408] CA BrightStor ARCserve Backup "ListCtrl" ActiveX Control
Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-03-17
Krystian Kloskowski has reported a vulnerability in CA BrightStor
ARCserve Backup for Laptops & Desktops, which can be exploited by
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29408/
--
[SA29407] WinRAR Multiple Unspecified Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-03-19
Some vulnerabilities have been reported in WinRAR, which can
potentially be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29407/
--
[SA29433] KAPhotoservice "albumid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-19
JosS has reported a vulnerability in KAPhotoservice, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29433/
--
[SA29419] Home FTP Server Passive Mode Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-03-18
0in has discovered a vulnerability in Home FTP Server, which can be
exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29419/
--
[SA29382] MDaemon IMAP Server "FETCH" Command Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-03-14
Matteo Memelli has discovered a vulnerability in MDaemon, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29382/
--
[SA29404] BootManage TFTP Server Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-03-17
Luigi Auriemma has discovered a vulnerability in BootManage TFTP
Server, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/29404/
UNIX/Linux:--
[SA29451] Red Hat update for krb5
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-03-19
Red Hat has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29451/
--
[SA29450] Red Hat update for krb5
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-03-19
Red Hat has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29450/
--
[SA29444] Gentoo update for moinmoin
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2008-03-19
Gentoo has issued an update for moinmoin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass security restrictions, manipulate
certain data, or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29444/
--
[SA29438] Ubuntu update for krb5
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-03-19
Ubuntu has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29438/
--
[SA29435] Debian update for krb5
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-03-19
Debian has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29435/
--
[SA29428] Kerberos Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-03-19
Some vulnerabilities have been reported in Kerberos, which can be
exploited by malicious people to disclose potentially sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29428/
--
[SA29426] Asterisk Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-03-19
Some vulnerabilities have been reported in Asterisk, which can be
exploited by malicious people to bypass certain security restrictions,
cause a DoS (Denial of Service), and potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/29426/
--
[SA29424] SUSE update for krb5
Critical: Highly critical
Where: From remote
Impact: System access, DoS, Exposure of sensitive information
Released: 2008-03-19
SUSE has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29424/
--
[SA29423] Red Hat update for krb5
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-03-19
Red Hat has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29423/
--
[SA29420] Mac OS X Security Update Fixes Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting, Spoofing,
Exposure of sensitive information, Privilege escalation, DoS, System
access
Released: 2008-03-19
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.
Full Advisory:
http://secunia.com/advisories/29420/
--
[SA29393] Apple Safari Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released: 2008-03-19
Some vulnerabilities have been reported in Safari, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting attacks, or to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29393/
--
[SA29440] Red Hat update for unzip
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-03-19
Red Hat has issued an update for unzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29440/
--
[SA29432] Debian update for unzip
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-03-18
Debian has issued an update for unzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29432/
--
[SA29427] Mandriva update for unzip
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-03-19
Mandriva has issued an update for unzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29427/
--
[SA29415] UnZip "inflate_dynamic()" Uninitialized Pointers
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-03-18
A vulnerability has been reported in UnZip, which potentially can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29415/
--
[SA29400] Debian update for horde3
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-03-17
Debian has issued an update for horde3. This fixes a vulnerability,
which can be exploited by malicious users to disclose sensitive
information and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29400/
--
[SA29396] Gentoo update for dovecot
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-03-18
Gentoo has issued an update for dovecot. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29396/
--
[SA29385] Debian update for dovecot
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-03-17
Debian has issued an update for dovecot. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29385/
--
[SA29379] Avaya CMS Solaris Firewall Security Bypass and Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-03-17
Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to bypass certain security restrictions
and cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29379/
--
[SA29448] SUSE update for cups
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-03-19
SUSE has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29448/
--
[SA29431] CUPS CGI Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-03-19
A vulnerability has been reported in CUPS, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29431/
--
[SA29405] Debian update for smarty
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-03-17
Debian has issued an update for smarty. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29405/
--
[SA29403] Debian update for lighttpd
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-03-17
Debian has issued an update for lighttpd. This fixes a security issue,
which can be exploited by malicious people to disclose potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/29403/
--
[SA29388] Ubuntu update for mailman
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-03-17
Ubuntu has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious users to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/29388/
--
[SA29383] ZABBIX "vfs.file.cksum" Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-03-14
Milen Rangelov has discovered a vulnerability in ZABBIX, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29383/
--
[SA29387] Red Hat update for kernel
Critical: Less critical
Where: From local network
Impact: DoS, System access
Released: 2008-03-14
Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29387/
--
[SA29442] HP StorageWorks Library and Tape Tools (LTT) on HP-UX
Security Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-03-19
HP has acknowledged a vulnerability in HP StorageWorks Library and Tape
Tools (LTT), which can be exploited by malicious, local users to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29442/
--
[SA29425] Gentoo update for acroread
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-03-19
Gentoo has issued an update for acroread. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/29425/
--
[SA29395] Debian update for ldapscripts
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2008-03-17
Debian has issued an update for ldapscripts. This fixes a security
issue, which can be exploited by malicious, local users to disclose
sensitive information.
Full Advisory:
http://secunia.com/advisories/29395/
--
[SA29449] Asterisk Predictable HTTP Manager ID Weakness
Critical: Not critical
Where: From local network
Impact: Hijacking
Released: 2008-03-19
Dino A. Dai Zovi has reported a weakness in Asterisk, which can be
exploited by malicious people to hijack a user session.
Full Advisory:
http://secunia.com/advisories/29449/
--
[SA29418] Sun Solaris "rpc.metad" Denial of Service
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2008-03-18
Kingcope has reported a vulnerability in Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29418/
Other:--
[SA29394] CheckPoint VPN-1 IP Address Collision Security Issue
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, DoS
Released: 2008-03-18
Robert Mitchell has reported a security issue in CheckPoint VPN-1,
which can lead to a DoS (Denial of Service) or disclosure of sensitive
information.
Full Advisory:
http://secunia.com/advisories/29394/
--
[SA29401] RaidSonic ICY BOX NAS-4220-B Insecure Storage of Encryption
Key
Critical: Not critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2008-03-19
Collin Mulliner has reported a security issue in RaidSonic NAS-4220-B,
which can be exploited by malicious people with physical access to the
device to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/29401/
Cross Platform:--
[SA29422] PHPauction GPL "include_path" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-03-18
RoMaNcYxHaCkEr has discovered some vulnerabilities in PHPauction GPL,
which can be exploited by malicious people to disclose sensitive
information or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29422/
--
[SA29417] fuzzylime (cms) "admindir" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-03-17
irk4z has discovered a vulnerability in fuzzylime (cms), which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29417/
--
[SA29397] F-Secure Archives Handling Unspecified Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-03-17
Some vulnerabilities have been reported in various F-Secure products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29397/
--
[SA29430] Easy-Clanpage "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-03-19
n3w7u has discovered a vulnerability in Easy-Clanpage, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29430/
--
[SA29429] Joomla Acajoom PRO Component "mailingid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-03-19
fataku has reported a vulnerability in the Acajoom PRO component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/29429/
--
[SA29421] MG-SOFT Net Inspector Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, DoS, System access
Released: 2008-03-17
Luigi Auriemma has discovered some vulnerabilities in MG-SOFT Net
Inspector, which can be exploited by malicious people to disclose
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29421/
--
[SA29411] phpBP "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-17
irk4z has reported a vulnerability in phpBP, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29411/
--
[SA29398] Serendipity Security Bypass and Script Insertion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2008-03-18
Two vulnerabilities have been reported in Serendipity, which can be
exploited by malicious people to conduct script insertion attacks and
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29398/
--
[SA29390] eXV2 WebChat Module "roomid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-17
S@BUN has discovered a vulnerability in the WebChat module for eXV2,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/29390/
--
[SA29389] eXV2 Viso Module "kid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-17
S@BUN has discovered a vulnerability in the Viso (Industry Book) module
for eXV2, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/29389/
--
[SA29384] eXV2 myannonces Module "lid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-03-17
S@BUN has discovered a vulnerability in the myannonces module for eXV2,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/29384/
--
...