Via: http://lists.jammed.com
========================================================================
The Secunia Weekly Advisory Summary
2008-02-21 - 2008-02-28
This week: 87 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia invites you to join us in the biggest IT Expo event of the year
- the RSA Conference in the Moscone Center, San Francisco, California
from 7 to 11 April 2008. If you are interested in going to the expo
exhibit and meeting us, please contact your Secunia Account Executive
for a FREE EXPO PASS!
========================================================================
2) This Week in Brief:
A highly critical vulnerability has been discovered in ICQ, which can
be exploited by malicious people to compromise another user's system.
The vulnerability is caused due to a format string error when
generating HTML code to display messages in the embedded Internet
Explorer component. This can then be exploited by sending specially
crafted messages containing format string specifiers to another user.
Successful exploitation allows an attacker to execute arbitrary code.
The vulnerability is confirmed in ICQ 6 build 6043. Other versions may
also be affected. The vulnerability is currently unpatched. Secunia
urges users to avoid accepting messages from untrusted ICQ users, or to
accept messages only from users in their contact lists.
For more information, refer to:
http://secunia.com/advisories/29138/
--
A highly critical vulnerability has been reported in Mozilla
Thunderbird, which can be exploited by malicious people to potentially
compromise a user's system.
The vulnerability is caused due to an error within the handling of
external-body MIME types. This can be exploited to cause a heap-based
buffer overflow by tricking a user into viewing a specially crafted
email.
Successful exploitation may allow an attacker to execute arbitrary code.
The vendor has provided users with version 2.0.0.9 to resolve the
vulnerability. Users of prior versions are urged to download the update
immediately.
For more information, refer to:
http://secunia.com/advisories/29133/
--
Netscape has acknowledged some weaknesses, a security issue, and some
vulnerabilities in Netscape Navigator, which can be exploited by
malicious people to disclose sensitive information, bypass certain
security restrictions, conduct spoofing attacks, or to compromise a
user's system.
The vulnerabilities are due to the use of vulnerable Firefox code, on
which the Netscape Navigator browser is based.
The vendor has released version 9.0.0.6, which is the final release for
Netscape Navigator. Support for all Netscape browsers will end on 1st of
March 2008.
For more information, refer to:
http://secunia.com/advisories/29049/
--
Two vulnerabilities have been reported in various Symantec products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.
A boundary error in Symantec's Decomposer engine can be exploited to
cause a stack-based buffer overflow when handling a specially crafted
.RAR file. Successful exploitation of this highly critical
vulnerability allows execution of arbitrary code.
An error in Symantec's Decomposer engine can be exploited to cause the
process to consume large amounts of memory when handling a specially
crafted .RAR file.
A variety of Symantec products are affected by these vulnerabilities,
including the Symantec AntiVirus Scan Engine, Symantec Mail Security
for Microsoft Exchange, and Symantec AntiVirus for Network Attached
Storage. The vendor has released security updates for all affected
products.
For more information, refer to:
http://secunia.com/advisories/29140/
--
VIRUS ALERTS:
During the past week Secunia collected 154 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Week's Top Ten Most Read Advisories:
1. [SA29032] VMware ESX Server Multiple Updates
2. [SA29131] D-Link MPEG4 SHM (Audio) Control ActiveX Control "Url"
Property Buffer Overflow
3. [SA27994] Novell iPrint Client iPrint Control "ExecuteRequest()"
Buffer Overflow
4. [SA29008] Joomla astatsPRO Component "id" SQL Injection
Vulnerability
5. [SA29052] Sun Solaris CPU Performance Counters Sub-System Local
Denial of Service
6. [SA29106] Joomla! "mosConfig_absolute_path" File Inclusion
7. [SA29074] Solaris 10 Perl Regular Expressions Unicode Data Buffer
Overflow
8. [SA29037] Sun Solaris 10 DTrace Dynamic Tracing Framework
Information Disclosure
9. [SA29066] lighttpd File Descriptor Array Denial of Service
Vulnerability
10. [SA29070] Red Hat update for tcltk
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA29146] 4XEM VatDecoder VatCtrl Class ActiveX Control "Url" Property
Buffer Overflow
[SA29145] RTSP MPEG4 SP Control ActiveX Control "Url" Property Buffer
Overflow
[SA29138] ICQ Message Processing Format String Vulnerability
[SA29131] D-Link MPEG4 SHM (Audio) Control ActiveX Control "Url"
Property Buffer Overflow
[SA29109] Rising Online Virus Scanner Web Scan ActiveX Control
"UpdateEngine()" Insecure Method
[SA29108] Move Media Player Quantum Streaming IE Player "UploadLogs()"
Buffer Overflow
[SA29137] NetWin WebMail Format String Vulnerability
[SA29105] SurgeMail Format String and Buffer Overflow Vulnerabilities
[SA29102] Porar Webboard question.asp SQL Injection Vulnerability
[SA29096] SurgeFTP "Content-Length" Denial of Service Vulnerability
[SA29124] Trend Micro OfficeScan CGI Module and Policy Server Buffer
Overflows
[SA29062] Zilab Chat and Instant Messaging Server Multiple
Vulnerabilities
[SA29142] AuthentiX Multiple Cross-Site Scripting Vulnerabilities
[SA29151] Trend Micro OfficeScan 8.0 Policy Server Denial of Service
[SA29075] Double-Take for Windows Information Disclosure and Denial of
Service
[SA29117] VMware Products Shared Folders Directory Traversal
Vulnerability
UNIX/Linux:
[SA29141] Gentoo update for xine-lib
[SA29135] Debian update for ghostscript
[SA29115] Fedora update for sword
[SA29112] Red Hat update for ghostscript
[SA29104] Debian update for koffice
[SA29094] GraphicsMagick Multiple Vulnerabilities
[SA29086] Debian update for iceape
[SA29065] Red Hat update for acroread
[SA29060] Gentoo update for clamav
[SA29161] IBM AIX libc "inet_network()" Off-By-One Vulnerability
[SA29157] Red Hat update for gd
[SA29130] Apple Mac OS X "ipcomp6_input()" Denial of Service
[SA29100] Sun Solaris Firewall Security Bypass and Denial of Service
[SA29085] Gentoo update for python
[SA29079] Red Hat update for netpbm
[SA29078] OpenBSD Two Denial of Service Vulnerabilities
[SA29074] Solaris 10 Perl Regular Expressions Unicode Data Buffer
Overflow
[SA29070] Red Hat update for tcltk
[SA29069] Red Hat update for tk
[SA29066] lighttpd File Descriptor Array Denial of Service
Vulnerability
[SA29120] Fedora update for cups
[SA29127] DNSSEC-Tools libval Validation Algorithm Security Issue
[SA29114] Maian Cart "keywords" Cross-Site Scripting
[SA29095] Fedora update for dnssec-tools
[SA29083] Mandriva update for nss_ldap
[SA29071] Debian update for turba2
[SA29058] Debian update for kernel
[SA29132] Mandriva update for cups
[SA29087] Red Hat update for cups
[SA29068] Red Hat update for openldap
[SA29067] Red Hat update for cups
[SA29160] Red Hat update for dbus
[SA29148] D-Bus "send_interface" Security Policy Bypass
[SA29139] IBM AIX X Server Multiple Vulnerabilities
[SA29113] Fedora update for wyrd
[SA29111] Symark PowerBroker Client Binaries Buffer Overflow
Vulnerabilities
[SA29080] SplitVT "xprop" Privilege Escalation Security Issue
[SA29064] Debian update for splitvt
[SA29059] Debian update for dspam
[SA29136] Fedora update for kvm
[SA29129] KVM Block Device Backend Security Bypass
[SA29097] Net Activity Viewer Privilege Escalation Security Issue
[SA29081] Fedora update for qemu
Other:
[SA29082] Cisco IP Phone 7921 Insecure PEAP Implementation
Cross Platform:
[SA29153] Miro MP4 Demuxer Arbitrary Memory Overwrite
[SA29140] Symantec Products Symantec Decomposer RAR File Handling
Vulnerabilities
[SA29133] Mozilla Thunderbird MIME Processing Buffer Overflow
Vulnerability
[SA29122] VLC Media Player MP4 Demuxer Arbitrary Memory Overwrite
[SA29110] DBHcms "extmanager_install" File Inclusion Vulnerability
[SA29103] Ghostscript "zseticcspace()" Buffer Overflow Vulnerability
[SA29099] WordPress Sniplets Plugin Multiple Vulnerabilities
[SA29089] php Download Manager "content" File Inclusion Vulnerability
[SA29088] Interstage Application Server Single Sign-On Buffer Overflow
[SA29077] Quantum Star "CONFIG[gameroot]" File Inclusion
Vulnerabilities
[SA29076] phpQLAdmin "_SESSION[path]" File Inclusion Vulnerabilities
[SA29156] Wireshark Multiple Denial of Service Vulnerabilities
[SA29123] eazyPortal "session_vars" SQL Injection Vulnerability
[SA29107] Xoops XM-Memberstats Module "letter" and "sortby" SQL
Injection
[SA29106] Joomla! "mosConfig_absolute_path" File Inclusion
[SA29090] Joomla! Gary's Cookbook Component "id" SQL Injection
[SA29084] H-Sphere SiteStudio Unspecified Vulnerability
[SA29073] XOOPS Tiny Event Module "id" SQL Injection
[SA29063] XOOPS Prayer List Module "cid" SQL Injection
[SA29061] beContent "id" SQL Injection Vulnerability
[SA29150] Interspire Shopping Cart "search_query" Cross-Site Scripting
[SA29128] Serendipity Script Insertion and Cross-Site Scripting
[SA29118] Drupal Multiple Script Insertion Vulnerabilities
[SA29116] Plume CMS "dir" Cross-Site Scripting Vulnerability
[SA29093] Matt's Whois "domain" Cross-Site Scripting Vulnerability
[SA29092] TikiWiki "tiki-edit_article.php" Script Insertion
Vulnerability
[SA29072] IBM Lotus Quickr/QuickPlace Cross-Site Scripting
Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA29146] 4XEM VatDecoder VatCtrl Class ActiveX Control "Url" Property
Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-27
rgod has discovered a vulnerability in 4XEM VatDecoder, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29146/
--
[SA29145] RTSP MPEG4 SP Control ActiveX Control "Url" Property Buffer
Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-27
rgod has discovered a vulnerability in RTSP MPEG4 SP Control, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29145/
--
[SA29138] ICQ Message Processing Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-28
B0B has discovered a vulnerability in ICQ, which can be exploited by
malicious people to compromise another user's system.
Full Advisory:
http://secunia.com/advisories/29138/
--
[SA29131] D-Link MPEG4 SHM (Audio) Control ActiveX Control "Url"
Property Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-27
rgod has discovered a vulnerability in D-Link MPEG4 SHM (Audio)
Control, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29131/
--
[SA29109] Rising Online Virus Scanner Web Scan ActiveX Control
"UpdateEngine()" Insecure Method
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-26
John Smith has discovered a vulnerability in Rising Online Virus
Scanner, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/29109/
--
[SA29108] Move Media Player Quantum Streaming IE Player "UploadLogs()"
Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-26
Elazar Broad has discovered a vulnerability in Move Media Player, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29108/
--
[SA29137] NetWin WebMail Format String Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-02-27
Luigi Auriemma has reported a vulnerability in NetWin WebMail, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/29137/
--
[SA29105] SurgeMail Format String and Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-26
Luigi Auriemma has discovered some vulnerabilities in SurgeMail, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29105/
--
[SA29102] Porar Webboard question.asp SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-02-26
xcorpitx has reported a vulnerability in Porar Webboard, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/29102/
--
[SA29096] SurgeFTP "Content-Length" Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-02-26
Luigi Auriemma has discovered a vulnerability in SurgeFTP, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29096/
--
[SA29124] Trend Micro OfficeScan CGI Module and Policy Server Buffer
Overflows
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-02-28
Luigi Auriemma has discovered some vulnerabilities in Trend Micro
OfficeScan, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29124/
--
[SA29062] Zilab Chat and Instant Messaging Server Multiple
Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-02-22
Luigi Auriemma has discovered some vulnerabilities in Zilab Chat and
Instant Messaging (ZIM) Server, which can be exploited by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29062/
--
[SA29142] AuthentiX Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-02-28
William Hicks and Chris Castaldo have discovered some vulnerabilities
in AuthentiX, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/29142/
--
[SA29151] Trend Micro OfficeScan 8.0 Policy Server Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-02-28
Luigi Auriemma has discovered a vulnerability in Trend Micro
OfficeScan, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/29151/
--
[SA29075] Double-Take for Windows Information Disclosure and Denial of
Service
Critical: Less critical
Where: From local network
Impact: Exposure of system information, DoS
Released: 2008-02-25
Luigi Auriemma has reported some vulnerabilities in Double-Take for
Windows, which can be exploited by malicious people to disclose system
information and cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29075/
--
[SA29117] VMware Products Shared Folders Directory Traversal
Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-02-26
Gerardo Richarte has reported a vulnerability in VMware products, which
can be exploited by malicious, local users or malicious applications to
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29117/
UNIX/Linux:--
[SA29141] Gentoo update for xine-lib
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-27
Gentoo has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29141/
--
[SA29135] Debian update for ghostscript
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-28
Debian has issued an update for ghostscript. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/29135/
--
[SA29115] Fedora update for sword
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-26
Fedora has issued an update for sword. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/29115/
--
[SA29112] Red Hat update for ghostscript
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-28
Red Hat has issued an update for ghostscript. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/29112/
--
[SA29104] Debian update for koffice
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-02-26
Debian has issued an update for koffice. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29104/
--
[SA29094] GraphicsMagick Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-25
Some vulnerabilities have been reported in GraphicsMagick, which can be
exploited by malicious people to conduct DoS (Denial of Service) attacks
or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29094/
--
[SA29086] Debian update for iceape
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released: 2008-02-25
Debian has issued an update for iceape. This fixes some vulnerabilities
and weaknesses, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, conduct
spoofing attacks, or to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/29086/
--
[SA29065] Red Hat update for acroread
Critical: Highly critical
Where: From remote
Impact: Unknown, Hijacking, DoS, System access
Released: 2008-02-25
Red Hat has issued an update for acroread. This fixes some
vulnerabilities, some of which have unknown impacts, while others can
be exploited by malicious people to conduct cross-site request forgery
attacks, cause a DoS (Denial of Service), or compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/29065/
--
[SA29060] Gentoo update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-22
Gentoo has issued an update for clamav. This fixes some
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29060/
--
[SA29161] IBM AIX libc "inet_network()" Off-By-One Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-28
IBM has acknowledged a vulnerability in AIX, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29161/
--
[SA29157] Red Hat update for gd
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-28
Red Hat has issued an update for gd. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29157/
--
[SA29130] Apple Mac OS X "ipcomp6_input()" Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-02-27
A vulnerability has been reported in Apple Mac OS X, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29130/
--
[SA29100] Sun Solaris Firewall Security Bypass and Denial of Service
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-02-25
Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious people to bypass certain security restrictions and cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29100/
--
[SA29085] Gentoo update for python
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-25
Gentoo has issued an update for python. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29085/
--
[SA29079] Red Hat update for netpbm
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-28
Red Hat has issued an update for netpbm. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/29079/
--
[SA29078] OpenBSD Two Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-02-25
Two vulnerabilities have been reported in OpenBSD, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29078/
--
[SA29074] Solaris 10 Perl Regular Expressions Unicode Data Buffer
Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-22
Sun has acknowledged a vulnerability in Solaris, which potentially can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29074/
--
[SA29070] Red Hat update for tcltk
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-22
Red Hat has issued an update for tcltk. This fixes some
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) and potentially by malicious people to
compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/29070/
--
[SA29069] Red Hat update for tk
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-22
Red Hat has issued an update for tk. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise an application
using the library.
Full Advisory:
http://secunia.com/advisories/29069/
--
[SA29066] lighttpd File Descriptor Array Denial of Service
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-02-22
A vulnerability has been reported in lighttpd, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/29066/
--
[SA29120] Fedora update for cups
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-02-26
Fedora has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/29120/
--
[SA29127] DNSSEC-Tools libval Validation Algorithm Security Issue
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-02-26
A security issue has been reported in DNSSEC-Tools, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/29127/
--
[SA29114] Maian Cart "keywords" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-02-28
Russ McRee has discovered a vulnerability in Maian Cart, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/29114/
--
[SA29095] Fedora update for dnssec-tools
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-02-26
Fedora has issued an update for dnssec-tools. This fixes a security
issue, which can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/29095/
--
[SA29083] Mandriva update for nss_ldap
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-02-25
Mandriva has issued an update for nss_ldap. This fixes a security
issue, which can be exploited by malicious people to manipulate certain
data.
Full Advisory:
http://secunia.com/advisories/29083/
--
[SA29071] Debian update for turba2
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-02-25
Debian has issued an update for turba2. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/29071/
--
[SA29058] Debian update for kernel
Critical: Less critical
Where: From remote
Impact: Unknown, Security Bypass, Exposure of sensitive
information, Privilege escalation, DoS
Released: 2008-02-25
Debian has issued an update for kernel-2.4.27 and kernel-2.6.8. This
fixes some weaknesses, security issues, and vulnerabilities, where one
has an unknown impact, and others can be exploited by malicious, local
users to cause a DoS (Denial of Service), disclose potentially
sensitive information, bypass certain security restrictions, and gain
escalated privileges, and by malicious people to cause a DoS.
Full Advisory:
http://secunia.com/advisories/29058/
--
[SA29132] Mandriva update for cups
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-02-28
Mandriva has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/29132/
--
[SA29087] Red Hat update for cups
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-02-25
Red Hat has issued an update for cups. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/29087/
--
[SA29068] Red Hat update for openldap
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-02-22
Red Hat has issued an update for openldap. This fixes some
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service).
Full Advisory:
...