Report date: January 05, 2009
Date posted: January 05, 2009
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original, with some "back" links added where needed. The CERT index lists vulnerabilities both with and without solutions; click a link for the specific advisory.
At a minimum, read the SANS bulletins, which cover the top issues each week. Next, review Secunia for a more complete listing, with well-structured bulletins available as external links. Finally, the CERT section carries very detailed information on many newly discovered vulnerabilities, plus updates on existing issues.
SANS: none relevant this week.
[SA33327] Hex Workshop Color Map Buffer Overflow Vulnerability
[SA33326] Megacubo URI Handling PHP Code Injection Vulnerability
[SA33376] FlexPHPic SQL Injection Vulnerabilities
[SA33373] Pixel8 Web Photo Album "AlbumID" SQL Injection Vulnerability
[SA33358] Sepcity Shopping Mall "ID" SQL Injection Vulnerability
[SA33357] Sepcity Faculty Portal "ID" SQL Injection Vulnerability
[SA33355] Elecard MPEG Player M3U Buffer Overflow Vulnerability
[SA33354] Sepcity Classified Ads "ID" SQL Injection Vulnerability
[SA33344] ForumApp Database Disclosure
[SA33334] BlackJumboDog Authentication Bypass Vulnerability
[SA33349] Fedora update for mediawiki
[SA33345] MWP Blog System "id" SQL Injection Vulnerability
[SA33350] Fedora update for kvm
[SA33341] FreeBSD ftpd Long Command Processing Vulnerability
[SA33325] Avaya CMS Solaris "libICE" Denial of Service Vulnerability
[SA33328] Sun SNMP Management Agent Insecure Temporary Files
[SA33348] Fedora update for kernel
[SA33375] CMScout Multiple Vulnerabilities
[SA33360] RealNetworks Helix Server Multiple Vulnerabilities
[SA33353] FlexPHPDirectory Multiple Vulnerabilities
[SA33343] FlexPHPLink Pro Multiple Vulnerabilities
[SA33374] Vacation Script "editid1" SQL Injection Vulnerability
[SA33370] 2Capsule's Sticker Extreme Edition "id" SQL Injection Vulnerability
[SA33369] Memberkit Arbitrary File Upload Vulnerability
[SA33367] PHPFootball SQL Injection and Cross-Site Scripting Vulnerabilities
[SA33364] w3blabor CMS "benutzername" SQL Injection Vulnerability
[SA33363] PowerNews "newsid" SQL Injection Vulnerability
[SA33362] PowerClan "loginemail" SQL Injection Vulnerability
[SA33356] Audacity "String_parse::get_nonspace_quoted()" Buffer Overflow
[SA33352] Joomla PaxGallery Component "gid" SQL Injection Vulnerability
[SA33347] FlexPHPSite SQL Injection Vulnerabilities
[SA33339] OpenEdit DAM Multiple Vulnerabilities
[SA33337] webClassifieds SQL Injection Vulnerability
[SA33336] eDNews File Inclusion and SQL Injection Vulnerabilities
[SA33335] eDContainer "lg" File Inclusion Vulnerability
[SA33329] Ultimate PHP Board "User-Agent" Script Insertion
[SA33366] eggBlog Cross-Site Request Forgery Vulnerability
[SA33351] DeluxeBB "delete*" SQL Injection Vulnerability
[SA33340] ViArt Shop Cross-Site Request Forgery and Cross-Site Scripting
[SA33333] Mayaa Error Page Cross-Site Scripting Vulnerability
[SA33330] IBM Tivoli Netcool/Webtop Tomcat Vulnerability
Secunia Bulletin - 2008-52
CERT Bulletin - SB08-364
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-29
Encrypt3d.M!nd has discovered a vulnerability in Hex Workshop, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33327/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-02
pyrokinesis has discovered a vulnerability in Megacubo, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33326/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-02
S.W.A.T. has discovered some vulnerabilities in FlexPHPic, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33376/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-02
AlpHaNiX has reported a vulnerability in Pixel8 Web Photo Album, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33373/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-30
Osmanizim has discovered a vulnerability in Sepcity Shopping Mall, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33358/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-30
Osmanizim has discovered a vulnerability in Sepcity Faculty Portal, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33357/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-02
aBo MoHaMeD has discovered a vulnerability in Elecard MPEG Player, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33355/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-30
S.W.A.T. has discovered a vulnerability in Sepcity Classified Ads, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33354/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-29
Cyber.Zer0 has discovered a security issue in ForumApp, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33344/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-26
A vulnerability has been reported in BlackJumboDog, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33334/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-26
Fedora has issued an update for mediawiki. This fixes some vulnerabilities, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33349/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-29
A vulnerability has been discovered in MWP Blog System for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33345/
Critical: Moderately critical
Where: Local system
Impact: Security Bypass, DoS
Released: 2008-12-26
Fedora has issued an update for kvm. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service) or by malicious users to cause a DoS.
Full Advisory:
http://secunia.com/advisories/33350/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-26
FreeBSD has acknowledged a vulnerability in ftpd, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33341/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-12-26
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33325/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-26
A security issue has been reported in Sun SNMP Management Agent, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33328/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-12-26
Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33348/
Other:
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2009-01-02
SirGod has discovered some vulnerabilities in CMScout, which can be exploited by malicious people and malicious users to conduct SQL injection attacks, and by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33375/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-30
Some vulnerabilities have been reported in RealNetworks Helix Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33360/
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2008-12-30
Some vulnerabilities have been discovered in FlexPHPDirectory, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33353/
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2008-12-29
Some vulnerabilities have been discovered in FlexPHPLink Pro, which can be exploited by malicious people to conduct SQL injection attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33343/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-02
x0r has reported a vulnerability in Vacation Script, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33374/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-02
A vulnerability has been discovered in 2Capsule's Sticker Extreme Edition, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33370/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-02
Lo$er has reported a vulnerability in Memberkit, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33369/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2009-01-02
Some vulnerabilities have been discovered in PHPFootball, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33367/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-02
DNX has discovered a vulnerability in w3blabor CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33364/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-02
Virangar Security has discovered a vulnerability in PowerNews, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33363/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-02
Virangar Security has discovered a vulnerability in PowerClan, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33362/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-02
A vulnerability has been discovered in Audacity, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33356/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-29
XaDoS has reported a vulnerability in the PaxGallery component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33352/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-30
Some vulnerabilities have been reported in FlexPHPSite, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33347/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-30
Some vulnerabilities have been reported in OpenEdit DAM, which can be exploited by malicious people to conduct script-insertion and cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33339/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-12-29
AnGeL25dZ has reported a vulnerability in webClassifieds, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33337/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
Released: 2008-12-29
Some vulnerabilities have been discovered in eDNews, which can be exploited by malicious people to disclose sensitive information or conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33336/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Exposure of system information
Released: 2008-12-29
GoLd_M has reported a vulnerability in eDContainer, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33335/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-29
A vulnerability has been discovered in Ultimate PHP Board, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33329/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-02
x0r has discovered a vulnerability in eggBlog, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33366/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-29
StAkeR has discovered a vulnerability in DeluxeBB, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33351/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-30
Xia Shing Zee has reported some vulnerabilities in ViArt Shop, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33340/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-26
A vulnerability has been reported in Mayaa, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33333/
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-26
A vulnerability has been reported in IBM Tivoli Netcool/Webtop, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33330/
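As an added example, not code from any of the products listed above and not tied to any single advisory, the following Python snippet shows the "id"-parameter SQL injection class that recurs throughout the Secunia entries (Pixel8, Sepcity, MWP Blog, PowerNews, PaxGallery and others): the request value is concatenated into the query text, so it can rewrite the query instead of merely supplying a value. The in-memory SQLite schema, its rows and the two attacker payloads are constructed for the demonstration; the two lookup functions are assumptions standing in for the kind of album or record lookup the advisories describe, with the vulnerable form beside the parameterized fix.

```python
"""Added illustration of the "id" SQL injection class from the bulletin list.
Everything here (schema, rows, payloads, function names) is constructed for
the example and is not taken from any of the listed products."""
import sqlite3
from typing import List


def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample data: a public/private album table and a
    users table, the kind of content an "id" injection is used to walk or dump."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE albums (id INTEGER PRIMARY KEY, title TEXT, private INTEGER);
        INSERT INTO albums VALUES (1, 'Holiday photos', 0);
        INSERT INTO albums VALUES (2, 'Unreleased drafts', 1);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pw_hash TEXT);
        INSERT INTO users VALUES (1, 'admin', 'sha1$0d3ad');
        """
    )
    return con


def album_titles_vulnerable(con: sqlite3.Connection, album_id: str) -> List[str]:
    """Vulnerable shape: the request parameter is pasted into the SQL text, so the
    caller controls the structure of the WHERE clause (and can append a UNION)."""
    sql = "SELECT title FROM albums WHERE private = 0 AND id = " + album_id
    return sorted(row[0] for row in con.execute(sql))


def album_titles_fixed(con: sqlite3.Connection, album_id: str) -> List[str]:
    """Hardened shape: validate the parameter's type, then bind it through a
    placeholder so the database never parses user input as SQL."""
    try:
        wanted = int(album_id)
    except ValueError:
        return []  # "0 OR 1=1" and "1 UNION SELECT ..." are rejected here
    sql = "SELECT title FROM albums WHERE private = 0 AND id = ?"
    return sorted(row[0] for row in con.execute(sql, (wanted,)))


# Constructed attacker inputs for the two classic outcomes: defeating the
# private=0 filter, and reading another table through a UNION.
BYPASS_FILTER = "0 OR 1=1"
DUMP_USERS = "1 UNION SELECT login || ':' || pw_hash FROM users"

if __name__ == "__main__":
    con = make_db()
    for payload in ("1", BYPASS_FILTER, DUMP_USERS):
        print(repr(payload))
        print("  vulnerable:", album_titles_vulnerable(con, payload))
        print("  fixed:     ", album_titles_fixed(con, payload))
```

The vulnerable function returns the private album for the `0 OR 1=1` payload (AND binds tighter than OR, so the filter is bypassed) and the admin credential hash for the UNION payload; the fixed function returns only the requested public album for a numeric id and nothing for either payload. The placeholder binding is the actual fix; the `int()` check is defence in depth and also gives the application a clean place to reject and log malformed ids.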