Report date: November 24, 2008
Date posted: November 24, 2008
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a minimum, look at the SANS bulletins, as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information, many newly discovered vulnerabilities, and updates on existing issues.
None relevant
[SA32772] Adobe AIR Multiple Vulnerabilities
[SA32743] GungHo LoadPrgAx ActiveX Control Vulnerability
[SA32729] Exodus Improper "im://" URI Handling Vulnerability
[SA32725] VeryDOC PDF Viewer ActiveX Control "OpenPDF()" Buffer Overflow
[SA32785] Pre ASP Job Board "Username" and "Password" SQL Injection
[SA32750] Openasp "idpage" SQL Injection Vulnerability
[SA32810] Symantec Backup Exec for Windows Servers Multiple Vulnerabilities
[SA32771] Flash Media Server Video Stream Capture Security Issue
[SA32738] Chilkat Socket ActiveX Component "SaveLastError()" Insecure Method
[SA32798] Red Hat update for thunderbird
[SA32796] imlib2 XPM Processing Buffer Overflow Vulnerability
[SA32778] Ubuntu update for firefox, firefox-3.0, and xulrunner-1.9
[SA32766] Red Hat update for libxml2
[SA32764] Ubuntu update for libxml2
[SA32762] Debian update for libxml2
[SA32749] Slackware update for mozilla-firefox
[SA32748] Slackware update for seamonkey
[SA32721] Fedora update for firefox and xulrunner
[SA32811] Slackware update for libxml2
[SA32807] rPath update for libxml2
[SA32802] Fedora update for libxml2
[SA32793] Debian update for python2.4
[SA32773] Libxml2 Two Integer Overflow Vulnerabilities
[SA32765] Ubuntu update for clamav
[SA32759] SUSE Update for Multiple Packages
[SA32753] rPath update for enscript
[SA32746] Gentoo update for php
[SA32720] Astaro update for libspf2
[SA32805] Fedora update for roundup
[SA32803] Fedora update for grip
[SA32800] HP OpenView Network Node Manager Cross-Site Scripting Vulnerabilities
[SA32768] Dovecot ManageSieve Directory Traversal Security Issue
[SA32761] No-IP Linux Dynamic Update Client Buffer Overflow Vulnerability
[SA32719] Linux Kernel "hfs_cat_find_brec()" Buffer Overflow Vulnerability
[SA32769] Ubuntu update for mysql-dfsg-5.0
[SA32760] OpenSSH CBC Mode Plaintext Recovery Vulnerability
[SA32820] SystemImager "si_mkbootserver" Insecure Temporary Files
[SA32780] pam_mount "passwdehd" Insecure Temporary Files
[SA32774] Citrix XenServer Ext2/Ext3 Processing Security Bypass Vulnerability
[SA32730] MailScanner "trend-autoupdate" Insecure Temporary Files
[SA32804] Fedora update for cobbler
[SA32737] Cobbler Web Interface Privilege Escalation Vulnerability
[SA32818] P3nfs Insecure Temporary Files
[SA32799] Red Hat update for kernel
[SA32792] Ubuntu update for hplip
[SA32716] Netgear WGR614 Web Interface Request Denial of Service
[SA32745] Free Directory Script "API_HOME_DIR" File Inclusion Vulnerability
[SA32734] phpFan "includepath" File Inclusion Vulnerability
[SA32783] W3matter Multiple Products "f[password]" SQL Injection Vulnerability
[SA32751] mxCamArchive Information Disclosure and PHP Code Execution
[SA32747] E-topbiz AdManager "group" SQL Injection Vulnerability
[SA32744] ScriptsEz FREEze Greetings "pwd.txt" Information Disclosure
[SA32741] PHPStore Wholesales "id" SQL Injection Vulnerability
[SA32736] Pluck "g_pcltar_lib_dir" Local File Inclusion Vulnerability
[SA32733] Jadu Galaxies "categoryID" SQL Injection Vulnerability
[SA32732] TurnkeyForms Text Link Sales SQL Injection and Security Bypass
[SA32727] Simple Customer "email" and "password" SQL Injection Vulnerabilities
[SA32726] SaturnCMS Multiple SQL Injection Vulnerabilities
[SA32724] Ultrastats "serverid" SQL Injection Vulnerability
[SA32718] VideoScript "admin/cp.php" Security Bypass Vulnerability
[SA32717] PHPStore Yahoo Answers "id" SQL Injection Vulnerability
[SA32815] refbase "headerMsg" Cross-Site Scripting Vulnerability
[SA32788] MyTopix "send" SQL Injection Vulnerability
[SA32779] KimsON Cross-Site Scripting Vulnerability
[SA32757] BoutikOne CMS "search_query" Cross-Site Scripting
[SA32739] Streber Unspecified Cross-Site Request Forgery Vulnerabilities
[SA32740] SSH Tectia Products CBC Mode Plaintext Recovery Vulnerability
[SA32775] vBulletin SQL Injection Vulnerabilities
[SA32752] Opera "file://" URI Handling Buffer Overflow Vulnerability
[SA32735] vBulletin Calender SQL Injection Vulnerability
Secunia Bulletin - 2008-47
CERT Bulletin - SB08-329
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-18
Some vulnerabilities have been reported in Adobe AIR, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32772/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-17
A vulnerability has been reported in the GungHo LoadPrgAx ActiveX control, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32743/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-18
strawdog has discovered a vulnerability in Exodus, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32729/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-17
r0ut3r has discovered a vulnerability in the VeryDOC PDF Viewer ActiveX control, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32725/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-11-20
R3d-D3v!L has reported some vulnerabilities in Pre ASP Job Board, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32785/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
athos has discovered a vulnerability in Openasp, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32750/
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, DoS, System access
Released: 2008-11-20
Some vulnerabilities have been reported in Symantec Backup Exec for Windows Servers, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32810/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-18
A security issue has been reported in Flash Media Server, which can be exploited by malicious people to capture content.
Full Advisory:
http://secunia.com/advisories/32771/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
Zigma has discovered a vulnerability in Chilkat Socket ActiveX Component, which can be exploited by malicious people to overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/32738/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-20
Red Hat has issued an update for thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32798/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-20
A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32796/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-19
Ubuntu has issued an update for firefox, firefox-3.0, and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32778/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-18
Red Hat has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32766/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-19
Ubuntu has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32764/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-18
Debian has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32762/
Critical: Highly critical
Where: From remote
Impact: System access, Exposure of sensitive information, Exposure of system information, Security Bypass
Released: 2008-11-17
Slackware has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32749/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-17
Slackware has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32748/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, System access
Released: 2008-11-14
Fedora has issued an update for firefox and xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32721/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-20
Slackware has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32811/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-20
rPath has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32807/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-20
Fedora has issued an update for libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32802/
Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS, System access
Released: 2008-11-20
Debian has issued an update for python2.4. This fixes some vulnerabilities, where some have unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32793/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-18
Two vulnerabilities have been reported in Libxml2, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32773/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-18
Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32765/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-11-17
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, disclose potentially sensitive information, or potentially gain escalated privileges, by malicious users to cause a DoS (Denial of Service), and by malicious people to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS, or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32759/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-11-18
rPath has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32753/
Critical: Moderately critical
Where: From remote
Impact: Unknown, Security Bypass, Exposure of sensitive information, DoS, System access
Released: 2008-11-17
Gentoo has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32746/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-14
Astaro has issued an update for libspf2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32720/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-20
Fedora has issued an update for roundup. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32805/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-11-20
Fedora has issued an update for grip. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32803/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-20
HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32800/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-18
A security issue has been reported in Dovecot ManageSieve, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32768/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-11-19
xenomuta has reported a vulnerability in No-IP Linux Dynamic Update Client (DUC), which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32761/
Critical: Less critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-14
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32719/
Critical: Less critical
Where: From local network
Impact: Security Bypass, DoS
Released: 2008-11-18
Ubuntu has issued an update for mysql-dfsg-5.0. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32769/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-11-17
A vulnerability has been reported in OpenSSH, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32760/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-20
A security issue has been reported in SystemImager, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32820/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-20
A security issue has been reported in pam_mount, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32780/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-11-19
A vulnerability has been reported in Citrix XenServer, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32774/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-20
A security issue has been reported in MailScanner, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32730/
Critical: Not critical
Where: From remote
Impact: Privilege escalation
Released: 2008-11-20
Fedora has issued an update for cobbler. This fixes a vulnerability, which can be exploited by malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32804/
Critical: Not critical
Where: From remote
Impact: Privilege escalation
Released: 2008-11-17
A vulnerability has been reported in Cobbler, which can be exploited by malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32737/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-20
A security issue has been reported in P3nfs, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32818/
Critical: Not critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-11-20
Red Hat has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32799/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-11-20
Ubuntu has issued an update for hplip. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32792/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-11-18
sr. has reported a vulnerability in Netgear WGR614v9, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32716/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-19
Ghost Hacker has discovered a vulnerability in Free Directory Script, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32745/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-18
Ahmadbady has reported a vulnerability in phpFan, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32734/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-11-20
Some vulnerabilities have been reported in multiple W3matter products, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32783/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2008-11-18
Ahmadbady has discovered some vulnerabilities in mxCamArchive, which can be exploited by malicious people to disclose sensitive information and malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32751/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
Hussin X has reported a vulnerability in E-topbiz AdManager, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32747/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-11-18
cOndemned has discovered a security issue in ScriptsEz FREEze Greetings, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32744/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-17
Hussin X has reported a vulnerability in PHPStore Wholesales, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32741/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-11-18
Digital Security Research Group have reported a vulnerability in Pluck, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32736/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
ZoRLu has reported a vulnerability in Jadu Galaxies, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32733/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-11-17
Some vulnerabilities have been reported in TurnkeyForms Text Link Sales, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32732/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
d3b4g has discovered some vulnerabilities in Simple Customer, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32727/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-11-18
Hussin X has reported some vulnerabilities in SaturnCMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32726/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
eek has discovered a vulnerability in Ultrastats, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32724/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-18
G4N0K has reported a vulnerability in VideoScript, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32718/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-17
Snakespc has reported a vulnerability in PHPStore Yahoo Answers, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32717/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-20
A vulnerability has been reported in refbase, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32815/
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-20
cOndemned has discovered a vulnerability in MyTopix, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32788/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-19
md.r00t has reported a vulnerability in KimsON, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32779/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-17
d3v1l has reported a vulnerability in BoutikOne CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32757/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-18
Some vulnerabilities have been reported in Streber, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/32739/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-11-17
A vulnerability has been reported in multiple SSH Tectia products, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32740/
Critical: Not critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
Janek Vind has reported some vulnerabilities in vBulletin, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32775/
Critical: Not critical
Where: From remote
Impact: System access
Released: 2008-11-18
send9 has discovered a vulnerability in Opera, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32752/
Critical: Not critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-18
Janek Vind has reported some vulnerabilities in vBulletin, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32735/