Report date: December 22, 2008
Date posted: December 22, 2008
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.
Tip: highlight any link below to reveal the criticality or priority.
None relevant
back [SA33183] Realtek Media Player Playlist Processing Buffer Overflow
back [SA33233] betaparticle blog Database Disclosure
back [SA33199] EvimGibi Pro Resim Galerisi "kat_id" SQL Injection
back [SA33197] PreProjects Products Database Disclosure Security Issue
back [SA33193] Hitachi JP1/Integrated Management Script Insertion Vulnerability
back [SA33172] HomeBuilder Multiple SQL Injection Vulnerabilities
back [SA33167] RealtyListings Multiple SQL Injection Vulnerabilities
back [SA33165] Nukedit "dbsite.mdb" Database Disclose Security Issue
back [SA33155] ClickAndEmail SQL Injection and Cross-Site Scripting
back [SA33154] Click&Rank Multiple SQL Injection Vulnerabilities
back [SA33152] ASP-DEv XM Events Diary "cat" SQL Injection Vulnerabilities
back [SA33134] ASPired2Blog SQL Injection and Database Disclosure
back [SA33130] The Net Guys Multiple Products Database Disclosure
back [SA33128] ASP-CMS "cha" SQL Injection Vulnerability
back [SA33123] TmaxSoft JEUS Script Source Disclosure Vulnerability
back [SA33232] Ubuntu update for firefox
back [SA33231] Ubuntu update for firefox
back [SA33221] Adobe Flash Player for Linux SWF Processing Vulnerability
back [SA33216] Ubuntu update for firefox-3.0 and xulrunner-1.9
back [SA33189] Red Hat update for seamonkey
back [SA33188] Red Hat update for firefox
back [SA33179] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
back [SA33178] Gentoo update for ruby
back [SA33170] Fedora update for roundcubemail
back [SA33140] Gentoo update for openoffice and openoffice-bin
back [SA33136] MPlayer TwinVQ Processing Buffer Overflow Vulnerability
back [SA33219] Ubuntu update for lcms
back [SA33201] Red Hat update for kernel
back [SA33195] SUSE update for clamav
back [SA33194] SUSE update for IBM Java
back [SA33187] Avaya CMS Sun Java JDK / JRE Multiple Vulnerabilities
back [SA33181] Red Hat update for enscript
back [SA33173] Gentoo update for jasper
back [SA33149] Gentoo update for dovecot
back [SA33148] Sun Solaris IPv4 Forwarding Denial of Service
back [SA33147] Fedora update for drupal
back [SA33142] Debian update for uw-imap
back [SA33137] Gentoo update for povray
back [SA33132] IBM WebSphere Portal Unspecified Security Bypass Vulnerability
back [SA33122] Joomla Live Chat Component "last" SQL Injection Vulnerabilities
back [SA33185] Ubuntu update for ruby1.9
back [SA33180] Debian update for linux-2.6
back [SA33156] Sun Solaris Apache "mod_proxy_http" and "mod_proxy_ftp"
back [SA33146] Fedora update for phpMyAdmin
back [SA33144] Fedora update for gallery2
back [SA33138] Debian update for no-ip
back [SA33157] Sun Solaris "libICE" Denial of Service Vulnerability
back [SA33153] Avahi Multicast DNS Processing Denial of Service Vulnerability
back [SA33217] Ubuntu update for libvirt
back [SA33198] libvirt Security Bypass Issue
back [SA33182] Red Hat update for kernel
back [SA33160] Sun Solaris IP Tunnel SIOCGTUNPARAM IOCTL Vulnerability
back [SA33151] SUSE update for freeradius
back [SA33141] Gentoo update for honeyd
back [SA33139] Gentoo update for aview
back [SA33158] Sun Netra / Fire Servers IP Spoofing Vulnerability
back [SA33205] Mozilla Thunderbird Multiple Vulnerabilities
back [SA33204] Mozilla SeaMonkey Multiple Vulnerabilities
back [SA33203] Mozilla Firefox 3 Multiple Vulnerabilities
back [SA33184] Mozilla Firefox 2 Multiple Vulnerabilities
back [SA33169] RoundCube Webmail "bin/html2text.php" PHP Code Execution
back [SA33163] WorkSimple File Inclusion and Information Disclosure
back [SA33224] ADbNewsSender Multiple Vulnerabilities
back [SA33208] Rematic CMS "id" SQL Injection Vulnerabilities
back [SA33192] Irrlicht B3D Loader Buffer Overflow Vulnerability
back [SA33186] phplist Unspecified Local File Inclusion Vulnerability
back [SA33176] Mediatheka Local File Inclusion and SQL Injection
back [SA33162] GeekiGeeki Arbitrary File Disclosure Vulnerabilities
back [SA33161] Injader SQL Injection and Script Insertion
back [SA33150] RSMScript Security Bypass and Script Insertion Vulnerabilities
back [SA33145] chuggnutt.com "HTML to Plain Text Conversion" PHP Class Code Execution
back [SA33133] MediaWiki Multiple Vulnerabilities
back [SA33126] Xpoze "menu" SQL Injection Vulnerability
back [SA33125] Social Groupie "id" SQL Injection Vulnerability
back [SA33124] phpAddEdit "addedit" Cookie Security Bypass Vulnerability
back [SA33225] Drupal Views Module Unspecified SQL Injection Vulnerabilities
back [SA33206] TangoCMS Unspecified Cross-Site Request Forgery Vulnerabilities
back [SA33200] Interstage HTTP Server Cross-Site Scripting Vulnerability
back [SA33175] FlatnuX CMS Multiple Cross-Site Scripting Vulnerabilities
back [SA33174] BabbleBoard Cross-Site Request Forgery Vulnerability
back [SA33166] phpBB Account Re-activation Security Bypass
back [SA33164] Barracuda Products Cross-Site Scripting Vulnerabilities
back [SA33159] Sun Java Wireless Toolkit for CLDC Buffer Overflow Vulnerabilities
back [SA33143] IBM Tivoli Provisioning Manager SOAP Authentication Security Issue
back [SA33127] Citrix Application Gateway Broadcast Server SQL Injection Vulnerability
Secunia Bulletin - 2008-51
CERT Bulletin - SB08-357
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-16
shinnai has discovered a vulnerability in Realtek Media Player (RtlRack), which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33183/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-18
A security issue has been reported in betaparticle blog, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33233/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-17
ZoRLu has discovered a vulnerability in EvimGibi Pro Resim Galerisi, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33199/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-18
Pouya_Server has reported a security issue in multiple PreProjects products, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33197/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-16
A vulnerability has been reported in Hitachi JP1/Integrated Management, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33193/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-15
AlpHaNiX has reported some vulnerabilities in HomeBuilder, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33172/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-15
AlpHaNiX has reported some vulnerabilities in RealtyListings, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33167/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-17
Cyber.Zer0 has discovered a security issue in Nukedit, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33165/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2008-12-16
AlpHaNiX has reported some vulnerabilities in ClickAndEmail, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33155/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-12-16
AlpHaNiX has reported some vulnerabilities in Click&Rank, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33154/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-15
Some vulnerabilities have been discovered in ASP-DEv XM Events Diary, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33152/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-12-15
Pouya_Server has reported a vulnerability and a security issue in ASPired2Blog, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33134/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-12
Some security issues have been reported in multiple The Net Guys products, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33130/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-12
Sina Yazdanmehr has discovered a vulnerability in ASP-CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33128/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-12-17
Simon Ryeo has reported a vulnerability in TmaxSoft JEUS, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33123/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-18
Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33232/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-18
Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33231/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-18
A vulnerability has been reported in Adobe Flash Player, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33221/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-18
Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33216/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-17
Red Hat has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33189/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-17
Red Hat has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33188/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Released: 2008-12-16
Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities.
Full Advisory:
http://secunia.com/advisories/33179/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Spoofing, DoS, System access
Released: 2008-12-17
Gentoo has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), conduct spoofing attacks, and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33178/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-15
Fedora has issued an update for roundcubemail. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33170/
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2008-12-15
Gentoo has issued an update for openoffice and openoffice-bin. This fixes some vulnerabilities and a security issue, which potentially can be exploited by malicious people to compromise a user's system, and by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33140/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-15
Tobias Klein has reported a vulnerability in MPlayer, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33136/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-18
Ubuntu has issued an update for lcms. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33219/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2008-12-17
Red Hat has issued an update for the kernel. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and gain escalated privileges, and by malicious people to cause a DoS.
Full Advisory:
http://secunia.com/advisories/33201/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-16
SUSE has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33195/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Released: 2008-12-16
SUSE has issued an update for IBM Java. This fixes some vulnerabilities, which can be exploited by malicious people to disclose system and potentially sensitive information and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33194/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, System access
Released: 2008-12-16
Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33187/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-16
Red Hat has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33181/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-17
Gentoo has issued an update for jasper. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33173/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-12-15
Gentoo has issued an update for dovecot. This fixes two security issues and a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33149/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-12-16
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33148/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-15
Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33147/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2008-12-15
Debian has issued an update for uw-imap. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges, and by malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33142/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-15
Gentoo has issued an update for povray. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33137/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-12
IBM has acknowledged a vulnerability in WebSphere Portal, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33132/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-15
Some vulnerabilities have been discovered in the Live Chat component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33122/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-12-17
Ubuntu has issued an update for ruby1.9. This fixes a vulnerability, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33185/
Critical: Less critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-12-16
Debian has issued an update for linux-2.6. This fixes a weakness and some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and cause a DoS (Denial of Service), and by malicious people to cause a DoS.
Full Advisory:
http://secunia.com/advisories/33180/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, DoS
Released: 2008-12-16
Sun has acknowledged two vulnerabilities in Apache 2.0 included in Sun Solaris, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33156/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-15
Fedora has issued an update for phpMyAdmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33146/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2008-12-15
Fedora has issued an update for gallery2. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information and conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33144/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-12-15
Debian has issued an update for no-ip. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33138/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-12-15
Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33157/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-12-15
A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33153/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-18
Ubuntu has issued an update for libvirt. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33217/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-12-18
A security issue has been reported in libvirt, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33198/
Critical: Less critical
Where: Local system
Impact: Security Bypass, Privilege escalation
Released: 2008-12-16
Red Hat has issued an update for the kernel. This fixes a weakness and a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33182/
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-12-18
A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33160/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-16
SUSE has issued an update for freeradius. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33151/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-15
Gentoo has issued an update for honeyd. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33141/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-12-15
Gentoo has issued an update for aview. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33139/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2008-12-16
Sun has acknowledged a vulnerability in several Netra and Fire products, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33158/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-17
Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33205/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-17
Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33204/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-17
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33203/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-12-17
Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33184/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-12-15
A vulnerability has been discovered in RoundCube Webmail, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33169/
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2008-12-16
Osirys has discovered some vulnerabilities in WorkSimple, which can be exploited by malicious people to disclose sensitive information and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33163/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-12-18
Some vulnerabilities have been reported in ADbNewsSender, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33224/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-18
Lidloses_Auge has reported some vulnerabilities in Rematic CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33208/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-12-18
A vulnerability has been reported in Irrlicht, which can be exploited by malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33192/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-12-16
A vulnerability has been reported in phplist, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33186/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-12-15
Some vulnerabilities have been discovered in Mediatheka, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33176/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-12-15
Two vulnerabilities have been reported in GeekiGeeki, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33162/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-12-15
Some vulnerabilities have been reported in Injader, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33161/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2008-12-17
Cyber.Zer0 has discovered some vulnerabilities in RSMScript, which can be exploited by malicious people to bypass certain security restrictions and by malicious users to perform script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33150/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-12-15
A vulnerability has been discovered in the chuggnutt.com "HTML to Plain Text Conversion" PHP class, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33145/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-15
Some vulnerabilities have been reported in MediaWiki, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33133/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-12
XaDoS has reported a vulnerability in Xpoze, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33126/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-12
Cyb3r-1sT has reported a vulnerability in Social Groupie, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33125/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-12
x0r has discovered a vulnerability in phpAddEdit, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33124/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-12-18
Some vulnerabilities have been reported in the Views module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33225/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-17
Some vulnerabilities have been reported in TangoCMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33206/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-17
Fujitsu has acknowledged some vulnerabilities in Interstage HTTP Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33200/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-16
gmda has discovered some vulnerabilities in FlatnuX CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33175/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-16
SirGod has discovered a vulnerability in BabbleBoard, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33174/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-15
A security issue has been reported in phpBB, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33166/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-12-16
Dr. Marian Ventuneac has reported some vulnerabilities in various Barracuda products, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33164/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-12-16
Some vulnerabilities have been reported in Sun Java Wireless Toolkit for CLDC, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33159/
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2008-12-15
A security issue has been reported in IBM Tivoli Provisioning Manager, which potentially can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33143/
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Released: 2008-12-15
A vulnerability has been reported in Citrix Application Gateway for Cisco, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33127/