Report date: January 14, 2009 Date posted: January 14, 2009
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins, as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information, many newly discovered vulnerabilities, and updates on existing issues.
Tip: highlight any link below to reveal the criticality or priority.
None relevant
back [SA33425] Winamp gen_msn Plugin Buffer Overflow Vulnerability
back [SA33385] Cain & Abel Cisco IOS Configuration File Buffer Overflow
back [SA33430] CA Service Level Management / Service Metric Analysis Command Execution
back [SA33434] Debian update for icedove
back [SA33433] Debian update for iceape
back [SA33421] Red Hat update for thunderbird
back [SA33415] Ubuntu update for thunderbird
back [SA33414] Fedora update for thunderbird
back [SA33408] Ubuntu update for thunderbird
back [SA33449] Lasso OpenSSL "DSA_verify()" Spoofing Vulnerability
back [SA33445] FreeBSD update for openssl
back [SA33443] Red Hat update for hanterm-xf
back [SA33442] Red Hat update for openssl
back [SA33441] Red Hat update for lcms
back [SA33436] Ubuntu update for openssl
back [SA33419] Fedora update for xterm
back [SA33418] Red Hat update for xterm
back [SA33417] Avaya Products Libxml2 Integer Overflow Vulnerabilities
back [SA33410] Avaya Products Vim Multiple Vulnerabilities
back [SA33407] Xdg-utils mailcap Command Execution Security Issue
back [SA33399] Fedora update for p7zip
back [SA33398] Debian update for ruby1.8 and ruby1.9
back [SA33397] Debian update for xterm
back [SA33394] Red Hat update for openssl
back [SA33390] Sun Solaris update for Flash Player Plugin
back [SA33388] Ubuntu update for xterm
back [SA33450] FreeBSD update for lukemftpd
back [SA33437] tnftpd Long Command Processing Vulnerability
back [SA33426] SmbFTPD Long Command Processing Vulnerability
back [SA33413] Fedora update for proftpd
back [SA33406] NTP OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability
back [SA33404] ISC BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spoofing Vulnerability
back [SA33391] Links SSL Verification Security Issue
back [SA33389] Red Hat update for gnome-vfs and gnome-vfs2
back [SA33431] Fedora update for samba
back [SA33392] Ubuntu update for samba
back [SA33400] Fedora update for am-utils
back [SA33422] Red Hat update for xen
back [SA33396] Red Hat update for dbus
back [SA33429] Cisco Global Site Selector DNS Request Denial of Service
back [SA33386] playSMS Multiple File Inclusion Vulnerabilities
back [SA33420] QuoteBook Multiple Vulnerabilities
back [SA33395] RiotPix "username" and "forumid" SQL Injection Vulnerabilities
back [SA33393] Goople CMS "usename" and "password" SQL Injection
back [SA33387] SolucionWeb "id_area" SQL Injection Vulnerability
back [SA33384] BlogHelper "common_db.inc" Information Disclosure Security Issue
back [SA33439] Drupal Project Issue Tracking Module Multiple Vulnerabilities
back [SA33432] Movable Type Unspecified Cross-Site Scripting Vulnerability
back [SA33424] PHP-Fusion Members CV Module "sortby" SQL Injection Vulnerability
back [SA33409] MyNETS Cross-Site Scripting Vulnerability
back [SA33401] DotNetNuke Role Membership Security Bypass
back [SA33383] SemanticScuttle Cross-Site Request Forgery Vulnerabilities
Secunia Bulletin - 2008-53
CERT Bulletin - SB08-371
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-08
SkD has discovered a vulnerability in the gen_msn plugin for Winamp, which can be exploited by malicious people to potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33425/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-07
send9 has discovered a vulnerability in Cain & Abel, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33385/
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2009-01-08
A vulnerability has been reported in CA Service Level Management (SLM) and CA Service Metric Analysis (SMA), which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33430/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2009-01-08
Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, to disclose sensitive information, conduct cross-site scripting attacks, or to potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33434/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2009-01-08
Debian has issued an update for iceape. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33433/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2009-01-07
Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33421/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2009-01-07
Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33415/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2009-01-07
Fedora has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33414/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2009-01-07
Ubuntu has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33408/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-08
A vulnerability has been reported in Lasso, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33449/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-08
FreeBSD has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33445/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-08
Red Hat has issued an update for hanterm-xf. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33443/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-08
Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33442/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-08
Red Hat has issued an update for lcms. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33441/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-08
Ubuntu has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33436/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-07
Fedora has issued an update for xterm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33419/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-07
Red Hat has issued an update for xterm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33418/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-07
Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the Libxml2 library.
Full Advisory:
http://secunia.com/advisories/33417/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-07
Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33410/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-08
A security issue in Xdg-utils has been reported, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33407/
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2009-01-07
Fedora has issued an update for p7zip. This fixes a vulnerability, which has unknown impacts.
Full Advisory:
http://secunia.com/advisories/33399/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-05
Debian has issued an update for ruby1.8 and ruby1.9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33398/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-05
Debian has issued an update for xterm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33397/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-07
Red Hat has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33394/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2009-01-07
Sun has issued an update for the Flash Player plugin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate certain data, conduct cross-site scripting attacks, or disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33390/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-06
Ubuntu has issued an update for xterm. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33388/
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2009-01-08
FreeBSD has issued an update for lukemftpd. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33450/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-08
A vulnerability has been reported in tnftpd, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33437/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-08
A vulnerability has been reported in SmbFTPD, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33426/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-07
Fedora has issued an update for proftpd. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33413/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-08
A vulnerability has been reported in NTP, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33406/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-08
A vulnerability has been reported in ISC BIND, which potentially can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33404/
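The Lasso, NTP and ISC BIND entries above, and the FreeBSD, Red Hat and Ubuntu openssl updates, all stem from the same caller-side bug in how the result of OpenSSL's EVP_VerifyFinal() and DSA_verify() is tested (tracked by OpenSSL as CVE-2008-5077). Those functions return 1 for a valid signature, 0 for an invalid one, and -1 when the signature could not be processed at all (for example a malformed encoding); a caller that rejects only the 0 result accepts the -1 case, so a deliberately malformed signature passes as "verified". The following C example is added here to show the vulnerable check beside the hardened one; it is not code from any of the advisories or projects listed. mock_verify_final() is a constructed stand-in that reproduces only the three-valued return convention, so the example builds without OpenSSL; the signature bytes are constructed test data.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example: the EVP_VerifyFinal()/DSA_verify() return-value pitfall.
 *   1  = signature verified
 *   0  = signature did not verify
 *  -1  = error (e.g. malformed signature encoding), NOT a valid signature
 */

#define SIG_LEN 4

/* Constructed test data: the "correct" signature, a wrong one, and a
 * truncated blob that a real verifier would reject as malformed. */
static const unsigned char EXPECTED_SIG[SIG_LEN]  = {0xde, 0xad, 0xbe, 0xef};
static const unsigned char WRONG_SIG[SIG_LEN]     = {0x00, 0x00, 0x00, 0x00};
static const unsigned char MALFORMED_SIG[2]       = {0xde, 0xad};

/* Stand-in for EVP_VerifyFinal(): same 1 / 0 / -1 convention, no crypto.
 * A length mismatch models a signature whose encoding cannot be parsed. */
int mock_verify_final(const unsigned char *sig, size_t sig_len,
                      const unsigned char *expected, size_t expected_len)
{
    if (sig == NULL || sig_len != expected_len)
        return -1;                                  /* malformed -> error */
    return memcmp(sig, expected, sig_len) == 0 ? 1 : 0;
}

/* Vulnerable caller: only the 0 ("did not verify") result is rejected,
 * so the -1 error result is silently treated as success. */
int accept_vulnerable(const unsigned char *sig, size_t sig_len,
                      const unsigned char *expected, size_t expected_len)
{
    if (mock_verify_final(sig, sig_len, expected, expected_len) == 0)
        return 0;   /* reject */
    return 1;       /* accept: reached for both 1 and -1 */
}

/* Hardened caller: anything other than exactly 1 is a failure. */
int accept_hardened(const unsigned char *sig, size_t sig_len,
                    const unsigned char *expected, size_t expected_len)
{
    return mock_verify_final(sig, sig_len, expected, expected_len) == 1;
}

int main(void)
{
    printf("valid     vulnerable=%d hardened=%d\n",
           accept_vulnerable(EXPECTED_SIG, SIG_LEN, EXPECTED_SIG, SIG_LEN),
           accept_hardened(EXPECTED_SIG, SIG_LEN, EXPECTED_SIG, SIG_LEN));
    printf("wrong     vulnerable=%d hardened=%d\n",
           accept_vulnerable(WRONG_SIG, SIG_LEN, EXPECTED_SIG, SIG_LEN),
           accept_hardened(WRONG_SIG, SIG_LEN, EXPECTED_SIG, SIG_LEN));
    /* The malformed blob is the spoofing case: the vulnerable caller says 1. */
    printf("malformed vulnerable=%d hardened=%d\n",
           accept_vulnerable(MALFORMED_SIG, 2, EXPECTED_SIG, SIG_LEN),
           accept_hardened(MALFORMED_SIG, 2, EXPECTED_SIG, SIG_LEN));
    return 0;
}
```

When auditing code that calls OpenSSL verification routines, grep for `== 0` or `< 0` tests on the result of EVP_VerifyFinal, DSA_verify, DSA_do_verify, RSA_verify and ECDSA_verify; the only safe form is to compare against 1 (or, equivalently, `!= 1` to fail).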
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-05
A security issue has been discovered in Links, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33391/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2009-01-07
Red Hat has issued an update for gnome-vfs and gnome-vfs2. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33389/
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2009-01-08
Fedora has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33431/
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2009-01-06
Ubuntu has issued an update for samba. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33392/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-07
Fedora has issued an update for am-utils. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33400/
Critical: Not critical
Where: Local system
Impact: Security Bypass
Released: 2009-01-07
Red Hat has issued an update for xen. This fixes a weakness, which can be exploited by malicious, local users in a Xen DomU to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33422/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-07
Red Hat has issued an update for dbus. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33396/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-08
A vulnerability has been reported in Cisco Global Site Selector, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33429/
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, System access
Released: 2009-01-07
ahmadbady has discovered some vulnerabilities in playSMS, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33386/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2009-01-08
A security issue and some vulnerabilities have been discovered in QuoteBook, which can be exploited by malicious people to conduct SQL injection and script insertion attacks, and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33420/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-07
Some vulnerabilities have been discovered in RiotPix, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33395/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-07
Some vulnerabilities have been discovered in Goople CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33393/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-06
Ehsan_Hp200 has reported a vulnerability in SolucionWeb, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33387/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-01-07
ahmadbady has discovered a security issue in BlogHelper, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33384/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2009-01-08
A security issue and a vulnerability have been reported in the Project Issue Tracking module for Drupal, which can be exploited by malicious users to disclose sensitive information or conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33439/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-08
A vulnerability has been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33432/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-08
Sina Yazdanmehr has reported a vulnerability in the Members CV module for PHP-Fusion, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33424/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-07
A vulnerability has been reported in MyNETS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33409/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-05
A vulnerability has been reported in DotNetNuke, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33401/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-06
Some vulnerabilities have been reported in SemanticScuttle, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33383/