Report date: February 09, 2009 Date posted: February 09, 2009
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.
Tip: highlight any link below to reveal the criticality or priority.
None relevant
[SA33817] Euphonics Audio Player PLS Parsing Buffer Overflow Vulnerability
[SA33796] Nokia PC Suite Multimedia Player Playlist Processing Buffer Overflow
[SA33791] MultiMedia Soft Various Components AdjMmsEng.dll PLS Parsing Vulnerability
[SA33766] NaviCOPA Script Source Disclosure and Buffer Overflow Vulnerabilities
[SA33742] Elecard AVC HD Player Playlist Processing Buffer Overflow
[SA33728] Synactis ALL In-The-Box ActiveX Control "SaveDoc()" Arbitrary File Overwrite
[SA33851] QIP Message Processing Denial of Service Vulnerability
[SA33839] Team Board "team.mdb" Database Disclosure
[SA33794] UltraVNC "ClientConnection" Signedness Vulnerabilities
[SA33774] ClickCart "txtEmail" and "txtPassword" SQL Injection
[SA33771] MyDesign Sayac "user" and "pass" SQL Injection Vulnerabilities
[SA33754] Google Chrome Cross-Site Scripting and Information Disclosure
[SA33743] SalesCart "name" and "code" SQL Injection Vulnerabilities
[SA33788] Kaspersky Products klim5.sys Privilege Escalation Vulnerability
[SA33819] SUSE update for amarok
[SA33816] Red Hat update for seamonkey
[SA33809] Red Hat update for firefox
[SA33755] Ubuntu update for moinmoin
[SA33827] Fedora update for roundcubemail
[SA33822] SUSE update for moodle and phpMyAdmin
[SA33820] SUSE update for xterm
[SA33801] Debian update for devil
[SA33797] HP-UX update for Apache
[SA33792] Sun Solaris libxml2 Two Integer Overflow Vulnerabilities
[SA33786] HP NonStop Server DNS Cache Poisoning Vulnerability
[SA33784] SUSE update for audiofile
[SA33765] Sun Solaris OpenSSL "EVP_VerifyFinal()" Spoofing Vulnerability
[SA33752] OpenBSD BGP UPDATE Message Denial of Service Vulnerability
[SA33746] VMware ESX Server update for net-snmp and libxml2
[SA33745] Debian update for vnc4
[SA33733] 4Site CMS Multiple SQL Injection Vulnerabilities
[SA33854] Red Hat update for kernel
[SA33828] Fedora update for boinc-client
[SA33826] Fedora update for nss
[SA33824] Fedora update for libcdaudio
[SA33821] SUSE update for net-snmp
[SA33818] SUSE update for sudo and avahi
[SA33787] HP-UX IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability
[SA33823] Fedora update for gnumeric
[SA33773] IBM AIX "rmsock" and "rmsock64" Log File Privilege Escalation
[SA33769] Fedora update for gedit
[SA33759] GNOME gedit Insecure Python Module Search Path Vulnerability
[SA33776] VMware ESX / ESXi VMDK Delta Disk Denial of Service Weakness
[SA33825] Fedora update for gpsdrive
[SA33795] sblim-sfcb "genSslCert.sh" Insecure Temporary Files
[SA33785] Linux Kernel Denial of Service Vulnerabilities
[SA33756] Ubuntu update for linux
[SA33753] Sudo Privilege Escalation Security Issue
[SA33751] Sun Solaris IP Minor Numbers Denial of Service Vulnerability
[SA33729] WebSphere Application Server Unspecified Information Disclosure
[SA33770] Xerox WorkCentre Web Server Unspecified Command Injection
[SA33739] Profense Web Application Firewall Cross-Site Scripting and Cross-Site Request Forgery
[SA33738] D-Link DVG-2001S Cross-Site Scripting and Cross-Site Request Forgery
[SA33779] HP LaserJet / Digital Sender Directory Traversal Vulnerability
[SA33749] Cisco Products Denial of Service and Security Bypass Vulnerabilities
[SA33812] GRBoard Multiple File Inclusion Vulnerabilities
[SA33808] Mozilla SeaMonkey Multiple Vulnerabilities
[SA33802] Mozilla Thunderbird Memory Corruption Vulnerabilities
[SA33799] Mozilla Firefox Multiple Vulnerabilities
[SA33768] GBook "abspath" File Inclusion Vulnerability
[SA33748] Coppermine Photo Gallery Variable Overwrite Vulnerability
[SA33744] Novell GroupWise Multiple Vulnerabilities
[SA33732] TECHNOTE "shop_this_skin_path" File Inclusion Vulnerability
[SA33836] Drupal Views Bulk Operations Module Script Insertion
[SA33813] Mahara Unspecified Script Insertion Vulnerability
[SA33811] PHPbbBook "l" File Inclusion Vulnerability
[SA33807] TightVNC "ClientConnection" Signedness Vulnerabilities
[SA33804] ScriptsEz Ez PHP Comment "name" Script Insertion Vulnerability
[SA33781] Bugzilla Multiple Vulnerabilities
[SA33780] GR Blog Security Bypass Security Issue
[SA33778] CMS from Scratch File Upload Vulnerability
[SA33777] Whole Hog Software Multiple Products SQL Injection and Security Bypass
[SA33775] Moodle Multiple Vulnerabilities
[SA33772] PerlSoft Gästebuch "loginname1" Code Execution Vulnerability
[SA33767] Online Grades SQL Injection and Information Disclosure
[SA33757] Drupal ImageField Module File Upload and Script Insertion
[SA33741] ReVou Twitter Clone Script Insertion and SQL Injection
[SA33735] AJA "currentlang" and "module_name" Local File Inclusion Vulnerabilities
[SA33734] BPAutoSales SQL Injection and Cross-Site Scripting
[SA33731] Squid HTTP Version Number Parsing Denial of Service Vulnerability
[SA33730] DreamPics Builder "exhibition_id" SQL Injection Vulnerability
[SA33834] htmLawed Unspecified Cross-Site Scripting Vulnerability
[SA33806] BOINC "RSA_public_decrypt()" Spoofing Vulnerability
[SA33790] Simple Machines Forum "[url]" Script Insertion Vulnerability
[SA33789] Bugzilla Script Insertion and Cross-Site Request Forgery
[SA33782] Bugzilla Cross-Site Request Forgery Vulnerability
[SA33764] E-Php B2B Trading Marketplace Script "errmsg" Cross-Site Scripting
[SA33763] SMA-DB "startpage.php" Cross-Site Scripting Vulnerability
[SA33762] Oracle Forms Cross-Site Scripting Vulnerabilities
[SA33761] Oracle Application Server Cross-Site Scripting Vulnerabilities
[SA33760] Fedora update for glpi
[SA33747] FlatnuX CMS "Job" Script Insertion Vulnerability
[SA33740] ManageEngine Firewall Analyzer Cross-Site Request Forgery Vulnerability
[SA33805] ESET Remote Administrator Script Insertion Vulnerability
Secunia Bulletin - 2009-6
CERT Bulletin - SB09-040
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-04
A vulnerability has been discovered in Euphonics Audio Player, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33817/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-04
0in has discovered a vulnerability in Nokia PC Suite, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33796/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-04
A vulnerability has been discovered in various MultiMedia Soft components for .NET, which potentially can be exploited by malicious people to compromise an application using these components.
Full Advisory:
http://secunia.com/advisories/33791/
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2009-02-04
e.wiZz! has discovered two vulnerabilities in NaviCOPA, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33766/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-03
AlpHaNiX has discovered a vulnerability in Elecard AVC HD Player, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33742/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-02
A vulnerability has been discovered in the Synactis ALL In-The-Box ActiveX control, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33728/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-02-05
Maxim Kulakov has discovered a vulnerability in QIP, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33851/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-02-05
Pouya_Server has reported a security issue in Team Board, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33839/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-02-04
Some vulnerabilities have been reported in UltraVNC, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33794/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-02-03
R3d D3v!L has reported some vulnerabilities in ClickCart, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33774/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-02-04
Kacak has discovered two vulnerabilities in MyDesign Sayac, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33771/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2009-02-02
Two vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33754/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-02-02
ByALBAYX has reported some vulnerabilities in SalesCart, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33743/
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2009-02-03
Ruben Santamarta has reported a vulnerability in multiple Kaspersky products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33788/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-04
SUSE has issued an update for amarok. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33819/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2009-02-04
Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33816/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Released: 2009-02-04
Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33809/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2009-01-30
Ubuntu has issued an update for moinmoin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass security restrictions, manipulate certain data, or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33755/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-05
Fedora has issued an update for roundcubemail. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33827/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access
Released: 2009-02-04
SUSE has issued an update for moodle and phpMyAdmin. This fixes some vulnerabilities, which can be exploited by malicious users to disclose potentially sensitive information, conduct cross-site scripting attacks, and compromise a vulnerable system, and malicious people to conduct SQL injection, cross-site scripting, and cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33822/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-02-04
SUSE has issued an update for xterm. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33820/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-02-05
Debian has issued an update for devil. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33801/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2009-02-04
HP has issued an update for Apache. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33797/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-04
Sun has acknowledged two vulnerabilities in libxml2 in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33792/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-02-03
HP has acknowledged a vulnerability in HP NonStop Server, which can be exploited by malicious people to poison the DNS cache.
Full Advisory:
http://secunia.com/advisories/33786/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-04
SUSE has issued an update for audiofile. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33784/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-30
Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33765/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-02-02
A vulnerability has been reported in OpenBSD, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33752/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-02
VMware has issued an update for VMware ESX Server. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33746/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-02
Debian has issued an update for vnc4. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33745/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-05
D.Mortalov has reported some vulnerabilities in 4Site CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33733/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-02-05
Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to potentially cause a DoS.
Full Advisory:
http://secunia.com/advisories/33854/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-02-05
Fedora has issued an update for boinc-client. This fixes a vulnerability, which can potentially be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33828/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-02-05
Fedora has issued an update for nss. This fixes a security issue, which potentially can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33826/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2009-02-05
Fedora has issued an update for libcdaudio. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33824/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-02-04
SUSE has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33821/
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2009-02-04
SUSE has issued an update for sudo and avahi. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33818/
Critical: Less critical
Where: From local network
Impact: Spoofing, Exposure of sensitive information, DoS
Released: 2009-02-03
A vulnerability has been reported in HP-UX, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33787/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-02-05
Fedora has issued an update for gnumeric. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33823/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-30
IBM has acknowledged a security issue in IBM AIX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33773/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-30
Fedora has issued an update for gedit. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33769/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-30
A vulnerability has been reported in gedit, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33759/
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2009-02-02
A weakness has been reported in VMware ESX / ESXi, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33776/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2009-02-05
Fedora has issued an update for gpsdrive. This fixes some security issues, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33825/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2009-02-05
A security issue has been reported in sblim-sfcb, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33795/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-02-04
Some vulnerabilities have been reported in the Linux Kernel, which potentially can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33785/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-30
Ubuntu has issued an update for linux. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33756/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2009-02-04
A security issue has been reported in sudo, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33753/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-02-02
Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33751/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-01-30
A vulnerability has been reported in WebSphere Application Server, which can potentially be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33729/
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2009-02-02
A vulnerability has been reported in Xerox WorkCentre, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33770/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-30
Michael Brooks has discovered some vulnerabilities in Profense Web Application Firewall, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33739/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-03
Some vulnerabilities have been reported in D-Link DVG-2001S, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33738/
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-02-05
A vulnerability has been reported in HP LaserJet and Digital Sender products, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33779/
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS
Released: 2009-02-05
Some vulnerabilities have been reported in multiple Cisco Products, which can be exploited by malicious people to cause a DoS (Denial of Service) and by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33749/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-04
make0day has discovered some vulnerabilities in GRBoard, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33812/
Critical: Highly critical
Where: From remote
Impact: DoS, System access, Security Bypass
Released: 2009-02-04
Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions or potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33808/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-04
Some vulnerabilities have been reported in Mozilla Thunderbird, which can potentially be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33802/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Released: 2009-02-04
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33799/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-03
A vulnerability has been discovered in GBook, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33768/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, System access
Released: 2009-01-30
Michael Brooks has discovered a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33748/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2009-02-02
Some vulnerabilities have been reported in Novell GroupWise, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, and script insertion attacks, bypass certain security restrictions, or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33744/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-04
make0day has reported a vulnerability in TECHNOTE, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33732/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-05
A vulnerability has been reported in the Views Bulk Operations module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33836/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-05
A vulnerability has been reported in Mahara, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33813/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-02-04
Osirys has discovered a vulnerability in PHPbbBook, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33811/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-02-04
Some vulnerabilities have been reported in TightVNC, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33807/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-04
Cru3l.b0y has reported a vulnerability in ScriptsEz Ez PHP Comment, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33804/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2009-02-03
Some vulnerabilities and a security issue have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to potentially disclose sensitive information or to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33781/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2009-02-05
JosS has discovered a security issue in GR Blog, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33780/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2009-02-03
StAkeR has discovered a vulnerability in CMS from Scratch, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33778/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-02-03
Some vulnerabilities have been reported in multiple Whole Hog Software products, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33777/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information, Privilege escalation, System access
Released: 2009-02-04
Some vulnerabilities have been reported in Moodle, which can potentially be exploited by malicious, local users to perform certain actions with escalated privileges, by malicious users to conduct script insertion attacks or to compromise a vulnerable system, and by malicious people to conduct cross-site scripting attacks or to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33775/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-02-02
Perforin has reported a vulnerability in PerlSoft Gästebuch, which can be exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33772/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of system information
Released: 2009-02-03
Some vulnerabilities and a security issue have been discovered in Online Grades, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33767/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-02-02
Some vulnerabilities have been discovered in the ImageField module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33757/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2009-02-02
nuclear has reported some vulnerabilities in ReVou Twitter Clone, which can be exploited by malicious people to conduct SQL injection attacks and malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33741/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-02-03
Some vulnerabilities have been discovered in AJA, which can be exploited by malicious people to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/33735/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2009-02-02
xoron has reported some vulnerabilities in BPAutoSales, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33734/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-02-04
A vulnerability has been reported in Squid, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33731/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-04
xoron has reported a vulnerability in DreamPics Builder, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33730/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-05
A vulnerability has been reported in htmLawed, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33834/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-02-05
A vulnerability has been reported in BOINC, which can potentially be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33806/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-04
Xianur0 has discovered a vulnerability in Simple Machines Forum, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33790/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-03
Some vulnerabilities have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33789/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-03
A vulnerability has been reported in Bugzilla, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33782/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-02
SaiedHacker has reported two vulnerabilities in E-Php B2B Trading Marketplace Script, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33764/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-03
A vulnerability has been discovered in SMA-DB, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33763/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-02
Some vulnerabilities have been reported in Oracle Forms, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33762/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-02
Some vulnerabilities have been reported in Oracle Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33761/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-30
Fedora has issued an update for glpi. This fixes some vulnerabilities, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33760/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-03
A vulnerability has been discovered in FlatnuX CMS, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33747/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-30
A vulnerability has been discovered in ManageEngine Firewall Analyzer, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33740/
Critical: Less critical
Where: From local network
Impact: Cross Site Scripting
Released: 2009-02-05
A vulnerability has been reported in ESET Remote Administrator, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33805/