Report date: December 08, 2008 Date posted: December 08, 2008
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins, as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information, many newly discovered vulnerabilities, and updates on existing issues.
Tip: highlight any link below to reveal the criticality or priority.
None relevant
back [SA32987] RadAsm ".rap" Processing Buffer Overflow Vulnerability
back [SA33000] MailingListPro Database Disclosure Security Issue
back [SA32988] Rae Media Contact Management Software "Password" SQL Injection
back [SA32941] Active Trade "username" and "password" SQL Injection Vulnerabilities
back [SA32930] Ocean12 FAQ Manager Pro "ID" SQL Injection Vulnerability
back [SA32929] Ocean12 Mailing List Manager Gold Multiple Vulnerabilities
back [SA32928] ASPReferral "AccountID" SQL Injection Vulnerability
back [SA32927] Active eWebquiz "useremail" and "password" SQL Injection Vulnerabilities
back [SA32922] Active Votes "AccountID" SQL Injection Vulnerability
back [SA32921] Active Products "password" SQL Injection Vulnerability
back [SA32920] Active Bids "ItemID" SQL Injection Vulnerability
back [SA32976] Gallery MX "ID" SQL Injection Vulnerability
back [SA32973] Calendar Mx Professional "ID" SQL Injection Vulnerability
back [SA32940] Microsoft Office Communications Server SIP INVITE Denial of Service
back [SA32963] Ubuntu update for imlib2
back [SA32962] Gentoo update for optipng
back [SA32949] Debian update for imlib2
back [SA32979] PowerDNS CH HINFO Denial of Service Vulnerability
back [SA32975] Gentoo update for mantisbt
back [SA32974] Gentoo update for libxml2
back [SA32972] Gentoo update for lighttpd
back [SA32971] Gentoo update for ipsec-tools
back [SA32970] Gentoo update for enscript
back [SA32948] Slackware update for ruby
back [SA32946] Ubuntu update for libvorbis
back [SA32945] Ubuntu update for imagemagick
back [SA32944] Debian update for wireshark
back [SA32936] Ubuntu update for clamav
back [SA32934] WebGUI Executable Attachments Vulnerability
back [SA32926] ClamAV "cli_check_jpeg_exploit()" Denial of Service Vulnerability
back [SA32918] Ubuntu update for kernel
back [SA32917] Kolab Server ClamAV Multiple Vulnerabilities
back [SA33002] Ubuntu update for awstats
back [SA32966] Fedora update for wordpress
back [SA32954] Debian update for phpmyadmin
back [SA32952] VMware ESX Server update for bzip2
back [SA32939] Debian update for awstats
back [SA33003] Ubuntu update for net-snmp
back [SA32968] Fedora update for samba
back [SA32951] Slackware update for samba
back [SA32919] Ubuntu update for samba
back [SA32980] Debian update for perl
back [SA32977] IBM HMC HTTP TRACE Response Cross-Site Scripting Weakness
back [SA32967] Fedora update for lynx
back [SA32969] HP-UX Unspecified Local Denial of Service Vulnerability
back [SA32961] Debian update for flamethrower
back [SA32960] DAHDI "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerability
back [SA32959] Debian update for jailer
back [SA32953] SUSE update for kernel
back [SA32947] Zaptel "ZT_SPANCONFIG" IOCTL Privilege Escalation Vulnerabilities
back [SA32943] jailer "updatejail" Insecure Temporary Files
back [SA32933] Linux Kernel PARISC "parisc_show_stack()" Denial of Service
back [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
back [SA32986] Multi SEO phpBB "pfad" File Inclusion Vulnerability
back [SA32942] VLC Media Player Real Demuxer Integer Overflow Vulnerability
back [SA32964] PHP ZipArchive::extractTo() Directory Traversal Vulnerability
back [SA32958] Check Up System for Thai Healthcare "search" SQL Injection
back [SA32950] RakhiSoftware Shopping Cart Multiple Vulnerabilities
back [SA32938] Basic PHP CMS "id" SQL Injection Vulnerability
back [SA32932] Bluo CMS "id" SQL Injection Vulnerability
back [SA32931] mvnForum Unspecified Cross-Site Scripting and Request Forgery
back [SA32925] PHP TV Portal "mid" SQL Injection Vulnerability
back [SA32923] Sunbyte e-Flower "id" SQL Injection Vulnerability
back [SA32924] CMS Made Simple "cms_language" Cookie Local File Inclusion
back [SA32996] W3matter RevSense "section" Cross-Site Scripting Vulnerability
back [SA32985] ImpressCMS Session Fixation Vulnerability
back [SA32978] Drupal Storm Module SQL Injection Vulnerabilities
back [SA32957] IBM Rational ClearCase Cross-Site Scripting Vulnerability
back [SA32937] iNet Orkut Clone "id" SQL Injection and Cross-Site Scripting
back [SA32935] Movable Type Unspecified Cross-Site Scripting Vulnerability
back [SA32965] VMware ESX / ESXi Virtual Hardware Memory Corruption Vulnerability
Secunia Bulletin - 2008-49
CERT Bulletin - SB08-343
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-04
Data_Sniper has discovered a vulnerability in RadAsm, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32987/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-04
AlpHaNiX has reported a security issue in MailingListPro, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33000/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-12-04
b3hz4d has reported a vulnerability in Rae Media Contact Management Software, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32988/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-12-01
R3d D3v!L has reported some vulnerabilities in Active Trade, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32941/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-01
Stack has reported a vulnerability in Ocean12 FAQ Manager Pro, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32930/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released: 2008-12-03
Pouya_Server has reported some vulnerabilities in Ocean12 Mailing List Manager Gold, which can be exploited by malicious users and people to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32929/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-01
((r3d D3v!L)) has reported a vulnerability in ASPReferral, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32928/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Security Bypass
Released: 2008-12-01
R3d D3v!L has reported some vulnerabilities in Active eWebquiz, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32927/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-01
R3d D3v!L has reported a vulnerability in Active Votes, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32922/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-12-01
R3d-D3v!L has reported some vulnerabilities in multiple Active products, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32921/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-01
Stack has reported a vulnerability in Active Bids, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32920/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-04
R3d D3v!L has reported a vulnerability in Gallery MX, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32976/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-04
R3d D3v!L has reported a vulnerability in Calendar Mx Professional, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32973/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-12-01
A vulnerability has been reported in Microsoft Office Communications Server, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32940/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-03
Ubuntu has issued an update for imlib2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32963/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-03
Gentoo has issued an update for optipng. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32962/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-01
Debian has issued an update for imlib2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32949/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-04
A vulnerability has been reported in PowerDNS, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32979/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2008-12-03
Gentoo has issued an update for mantisbt. This fixes a security issue and a vulnerability, which can be exploited by malicious users to disclose potentially sensitive information and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32975/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-03
Gentoo has issued an update to libxml2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32974/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS
Released: 2008-12-03
Gentoo has issued an update for lighttpd. This fixes a weakness and two vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32972/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-03
Gentoo has issued an update for ipsec-tools. This fixes some vulnerabilities, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32971/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-03
Gentoo has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32970/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-12-01
Slackware has issued an update for ruby. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/32948/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-02
Ubuntu has issued an update for libvorbis. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32946/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-02
Ubuntu has issued an update for imagemagick. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32945/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2008-12-01
Debian has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32944/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-03
Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32936/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-03
A vulnerability has been reported in WebGUI, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32934/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-02
A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32926/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2008-11-28
Ubuntu has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges, and by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32918/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-03
Some vulnerabilities have been reported in Kolab Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32917/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-04
Ubuntu has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33002/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-03
Fedora has issued an update for wordpress. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/32966/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-02
Debian has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32954/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-12-03
VMware has issued an update for VMware ESX Server. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32952/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-03
Debian has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32939/
Critical: Less critical
Where: From local network
Impact: DoS, System access
Released: 2008-12-04
Ubuntu has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious people to spoof authenticated SNMPv3 packets, cause a DoS (Denial of Service), and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33003/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-12-03
Fedora has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32968/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-12-01
Slackware has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32951/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2008-11-28
Ubuntu has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32919/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-04
Debian has issued an update for perl. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32980/
Critical: Not critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-04
IBM has acknowledged a weakness in IBM HMC, which potentially can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32977/
Critical: Not critical
Where: From remote
Impact: System access
Released: 2008-12-03
Fedora has issued an update for lynx. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32967/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-12-03
A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32969/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-02
Debian has issued an update for flamethrower. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32961/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-02
A vulnerability has been reported in DAHDI, which potentially can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32960/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-01
Debian has issued an update for jailer. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32959/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-03
SUSE has issued an update for the kernel. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32953/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-02
Some vulnerabilities have been reported in Zaptel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32947/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-01
A security issue has been reported in jailer, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32943/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-12-04
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32933/
Other:
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-12-04
Some vulnerabilities have been reported in Sun Java, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32991/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-04
NoGe has discovered a vulnerability in Multi SEO phpBB, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32986/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-01
A vulnerability has been discovered in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32942/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-04
Stefan Esser has reported a vulnerability in PHP, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32964/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-04
CWH Underground has reported a vulnerability in Check Up System for Thai Healthcare, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32958/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information
Released: 2008-12-01
Charalambous Glafkos has reported some vulnerabilities in RakhiSoftware Shopping Cart, which can be exploited by malicious people to disclose system information, or to conduct SQL injection and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32950/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-01
CWH Underground has discovered a vulnerability in Basic PHP CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32938/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-01
The_5p3ctrum has reported a vulnerability in Bluo CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32932/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-03
Some vulnerabilities have been reported in mvnForum, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/32931/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-01
A vulnerability has been reported in PHP TV Portal, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32925/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-03
W4RL0CK has reported a vulnerability in Sunbyte e-Flower, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32923/
Critical: Moderately critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2008-12-01
A vulnerability has been discovered in CMS Made Simple, which can be exploited by malicious people to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/32924/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-04
Pouya_Server has reported a vulnerability in W3matter RevSense, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32996/
Critical: Less critical
Where: From remote
Impact: Hijacking
Released: 2008-12-04
A vulnerability has been reported in ImpressCMS, which can be exploited by malicious people to conduct session fixation attacks.
Full Advisory:
http://secunia.com/advisories/32985/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-04
Jakub Suchy has reported some vulnerabilities in the Storm module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32978/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-02
A vulnerability has been reported in IBM Rational ClearCase, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32957/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-12-03
d3b4g has reported some vulnerabilities in iNet Orkut Clone, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32937/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-03
A vulnerability has been reported in Movable Type, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32935/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-03
A vulnerability has been reported in VMware ESX / ESXi, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32965/