Report date: January 20, 2009
Date posted: January 20, 2009
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins, as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.
None relevant
None relevant
[SA33496] Triologic Media Player Playlist Processing Buffer Overflow Vulnerability
[SA33483] Browse3D ".sfs" Processing Buffer Overflow Vulnerability
[SA33478] Winamp AIFF Processing Buffer Overflow Vulnerability
[SA33541] Avira Antivir RAR Processing Denial of Service Vulnerabilities
[SA33489] DMXReady SDK "download_link.asp" Security Bypass Vulnerability
[SA33487] Members Area Manager "cid" SQL Injection Vulnerability
[SA33482] DMXReady Multiple Products "cid" SQL Injection Vulnerability
[SA33537] AAA EasyGrid ActiveX Control "DoSaveFile()" Insecure Method
[SA33561] TFTPUtil Directory Traversal Vulnerability
[SA33547] Debian update for xulrunner
[SA33536] Red Hat update for java-1.5.0-ibm
[SA33528] Red Hat update for java-1.6.0-ibm
[SA33505] Amarok Audible Audio Processing Multiple Vulnerabilities
[SA33503] Gentoo update for mplayer
[SA33493] SUSE Update for Mozilla Products
[SA33491] Sun Solaris Adobe Reader Multiple Vulnerabilities
[SA33473] FTTSS A Free Text-To-Speech System "voz" Command Injection Vulnerability
[SA33462] SUSE Update for Multiple Packages
[SA33460] Gentoo update for acroread
[SA33457] SUSE update for Sun Java
[SA33557] Slackware update for openssl
[SA33518] IBM HMC Unspecified Vulnerability
[SA33517] Red Hat update for squirrelmail
[SA33515] Debian update for openssl and openssl097
[SA33513] Gentoo update for pdnsd
[SA33511] Gentoo update for ndiswrapper
[SA33509] Gentoo update for streamripper
[SA33508] Gentoo tremulous Buffer Overflow Vulnerability
[SA33502] Gentoo update for online-bookmarks
[SA33501] Gentoo update for gnutls
[SA33497] Debian update for lasso
[SA33559] Slackware update for bind
[SA33558] Slackware update for ntp
[SA33556] Red Hat update for kernel
[SA33551] OpenBSD update for named
[SA33546] Fedora update for bind
[SA33543] Fedora update for tqsllib
[SA33507] Debian update for ntp
[SA33504] Debian update for bind9
[SA33499] Debian update for gforge
[SA33494] FreeBSD update for bind
[SA33485] libmikmod Denial of Service Vulnerabilities
[SA33454] Red Hat update for bind
[SA33527] rPath update for samba, samba-client, and samba-server
[SA33520] Red Hat update for avahi
[SA33492] rPath update for samba
[SA33475] Gentoo update for avahi
[SA33545] Fedora update for nfs-utils
[SA33540] Red Hat Certificate Server Information Disclosure
[SA33539] Ubuntu hplip Privilege Escalation Security Issue
[SA33530] Ubuntu update for cups and cupsys
[SA33512] Gentoo update for jhead
[SA33477] Linux Kernel 64bit ABI System Call Parameter Sign Extension Security Issue
[SA33455] Red Hat update for kernel
[SA33453] Asterisk User Account Enumeration Weakness
[SA33516] Sun Solaris "aio_suspend()" Integer Overflow Vulnerability
[SA33510] Gentoo update for dbus
[SA33498] Debian update for zaptel
[SA33488] Sun Solaris "lpadmin" and "ppdmgr" Denial of Service Vulnerabilities
[SA33519] pfSense update for lukemftpd and openssl
[SA33479] Cisco IronPort Products Multiple Vulnerabilities
[SA33456] WebSphere DataPower XML Security Gateway XS40 Denial of Service
[SA33461] Cisco IOS HTTP Server Two Cross-Site Scripting Vulnerabilities
[SA33464] Cisco ONS Products Denial of Service Vulnerability
[SA33534] BlackBerry Products PDF Distiller Multiple Vulnerabilities
[SA33526] Oracle BEA WebLogic Server Multiple Vulnerabilities
[SA33525] Oracle Products Multiple Vulnerabilities
[SA33465] Realtor 747 "INC_DIR" File Inclusion Vulnerability
[SA33535] Oracle BEA WebLogic Portal Security Bypass Vulnerability
[SA33533] phpList "_SERVER[ConfigFile]" Local File Inclusion Vulnerability
[SA33490] AN Guestbook "country" Script Insertion Vulnerability
[SA33486] Joomla JA Showcase Component "catid" SQL Injection Vulnerability
[SA33484] Fast Guest Book Two SQL Injection Vulnerabilities
[SA33480] phpMDJ "id_animateur" SQL Injection Vulnerability
[SA33476] Weight Loss Recipe Book Two SQL Injection Vulnerabilities
[SA33474] SocialEngine "classifiedcat_id" SQL Injection Vulnerability
[SA33471] Photobase "language" Local File Inclusion Vulnerability
[SA33470] DevIL "iGetHdrHeader()" Buffer Overflow Vulnerabilities
[SA33459] Joomla Fantasy Tournament Component Multiple SQL Injection
[SA33554] Sun Java System Access Manager Privilege Escalation Vulnerability
[SA33553] Sun Java System Access Manager Password Disclosure Security Issue
[SA33550] Drupal Content Translation Module Security Bypass Vulnerability
[SA33549] Drupal Internationalization (i18n) Translation Module Security Bypass
[SA33542] Drupal Notify Module Privilege Escalation Security Issue
[SA33452] Openfire Multiple Vulnerabilities
[SA33529] IBM DB2 Denial of Service Vulnerabilities
[SA33463] RackTables Authentication Bypass Security Issue
Secunia Bulletin - 2008-54
CERT Bulletin - SB08-378
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-13
A vulnerability has been discovered in Triologic Media Player, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33496/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-12
Houssamix has discovered a vulnerability in Browse3D, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33483/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-13
securfrog has discovered a vulnerability in Winamp, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33478/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-15
Thierry Zoller has reported some vulnerabilities in Avira Antivir, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33541/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Released: 2009-01-15
ajann has reported a vulnerability in DMXReady SDK, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33489/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-14
ajann has reported a vulnerability in Members Area Manager, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33487/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-15
ajann has reported a vulnerability in multiple DMXReady products, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33482/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-15
Houssamix has discovered a vulnerability in AAA EasyGrid ActiveX, which can be exploited by malicious people to overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/33537/
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-01-15
Rob Kraus has discovered a vulnerability in TFTPUtil, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33561/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2009-01-15
Debian has issued an update for xulrunner. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33547/
Critical: Highly critical
Where: From remote
Impact: DoS, System access, Exposure of sensitive information, Exposure of system information, Security Bypass
Released: 2009-01-14
Red Hat has issued an update for java-1.5.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33536/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2009-01-14
Red Hat has issued an update for java-1.6.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33528/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-12
Tobias Klein has reported some vulnerabilities in Amarok, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33505/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-13
Gentoo has issued an update for mplayer. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33503/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released: 2009-01-14
SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and mozilla. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33493/
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2009-01-12
Sun has acknowledged some vulnerabilities in Adobe Reader included in Solaris, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33491/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-12
A vulnerability has been discovered in FTTSS A Free Text-To-Speech System, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33473/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Released: 2009-01-13
SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or to gain escalated privileges, by malicious users to bypass certain security restrictions or to cause a DoS (Denial of Service), and by malicious people to disclose sensitive information, bypass certain security restrictions, conduct SQL injection and cross-site scripting attacks, to cause a DoS, or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33462/
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2009-01-13
Gentoo has issued an update for acroread. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33460/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2009-01-12
SUSE has issued an update for Sun Java. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, cause a DoS (Denial of service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33457/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-15
Slackware has issued an update for openssl. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33557/
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2009-01-15
A vulnerability with an unknown impact has been reported in IBM Hardware Management Console (HMC).
Full Advisory:
http://secunia.com/advisories/33518/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-13
Red Hat has issued an update for squirrelmail. This fixes a vulnerability, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33517/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-13
Debian has issued an update for openssl and openssl097. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33515/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-12
Gentoo has issued an update for pdnsd. This fixes some vulnerabilities, which can be exploited by malicious people to poison the DNS cache and cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33513/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-12
Gentoo has issued an update for ndiswrapper. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33511/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-12
Gentoo has issued an update for streamripper. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33509/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-12
Gentoo has acknowledged a vulnerability in tremulous and tremulous-bin, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33508/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2009-01-13
Gentoo has issued an update for online-bookmarks. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33502/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Spoofing
Released: 2009-01-15
Gentoo has issued an update for gnutls. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33501/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-12
Debian has issued an update for lasso. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33497/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-15
Slackware has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33559/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-15
Slackware has issued an update for ntp. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33558/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-01-15
Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33556/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-15
OpenBSD has issued an update for named. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33551/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-15
Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33546/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-15
Fedora has issued an update for tqsllib. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33543/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-13
Debian has issued an update for ntp. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33507/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-13
Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33504/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-12
Debian has issued an update for gforge. This fixes a vulnerability, which can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33499/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-15
FreeBSD has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33494/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-01-15
Some vulnerabilities have been reported in libmikmod, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33485/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-09
Red Hat has issued an update for bind. This fixes a vulnerability, which potentially can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33454/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2009-01-14
rPath has issued an update for samba, samba-client, and samba-server. This fixes a vulnerability, which can potentially be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33527/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-01-13
Red Hat has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33520/
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Released: 2009-01-14
rPath has issued an update for samba. This fixes a vulnerability, which potentially can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33492/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-01-15
Gentoo has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33475/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2009-01-15
Fedora has acknowledged a weakness in nfs-utils, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33545/
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2009-01-15
Red Hat has acknowledged some security issues in Red Hat Certificate Server, which can be exploited by malicious, local users to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/33540/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-14
Ubuntu has acknowledged a security issue in hplip, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33539/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-13
Ubuntu has issued an update for cups and cupsys. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33530/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-12
Gentoo has issued an update for jhead. This fixes some security issues, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33512/
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2009-01-14
A security issue has been reported in the Linux Kernel, which can be exploited by malicious, local users to potentially cause a DoS (Denial of Service) or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33477/
Critical: Less critical
Where: Local system
Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS
Released: 2009-01-09
Red Hat has issued an update for the kernel. This fixes some security issues and vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, bypass certain security restrictions, and gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33455/
Critical: Not critical
Where: From local network
Impact: Exposure of system information
Released: 2009-01-09
A weakness has been reported in Asterisk, which can be exploited by malicious people to identify valid user accounts.
Full Advisory:
http://secunia.com/advisories/33453/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-12
Tobias Klein has reported a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33516/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-12
Gentoo has issued an update for dbus. This fixes a weakness, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33510/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-12
Debian has issued an update for zaptel. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33498/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-15
Some vulnerabilities have been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33488/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing
Released: 2009-01-12
pfSense has acknowledged some vulnerabilities in pfSense, which can be exploited by malicious people to conduct cross-site request forgery or spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33519/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2009-01-15
Some vulnerabilities have been reported in Cisco IronPort products, which can be exploited by malicious people to disclose sensitive information or conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33479/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-13
A vulnerability has been reported in IBM DataPower XS40, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33456/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-15
Two vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33461/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-01-15
A vulnerability has been reported in several Cisco ONS products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33464/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-13
Some vulnerabilities have been reported in BlackBerry Enterprise Server and BlackBerry Unite!, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33534/
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2009-01-14
Some vulnerabilities have been reported in Oracle BEA WebLogic Server, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33526/
Critical: Highly critical
Where: From remote
Impact: Unknown, Cross Site Scripting, Manipulation of data, Privilege escalation, DoS, System access
Released: 2009-01-14
Some vulnerabilities have been reported in various Oracle products. Some have unknown impact while others can be exploited by malicious users to conduct SQL injection attacks or manipulate certain data, and by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33525/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-14
ahmadbady has discovered a vulnerability in Realtor 747, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33465/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-14
A vulnerability has been reported in Oracle BEA WebLogic Portal, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33535/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-01-15
AmnPardaz Security Research Team has discovered a vulnerability in phpList, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33533/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-15
A vulnerability has been discovered in AN Guestbook, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33490/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-12
EcHoLL has reported a vulnerability in the JA Showcase component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33486/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-14
Moudi has discovered two vulnerabilities in Fast Guest Book, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33484/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-14
darkjoker has discovered a vulnerability in phpMDJ, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33480/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-14
x0r has discovered two vulnerabilities in Weight Loss Recipe Book, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33476/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-12
A vulnerability has been reported in SocialEngine, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33474/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-01-12
A vulnerability has been reported in Photobase, which can be exploited by malicious people to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/33471/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-13
Secunia Research has discovered two vulnerabilities in DevIL, which can be exploited by malicious people to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33470/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-14
H!tm@N has reported some vulnerabilities in the Fantasy Tournament Component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33459/
Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2009-01-15
A vulnerability has been reported in Sun Java System Access Manager, which can be exploited by malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33554/
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-01-15
A security issue has been reported in Sun Java System Access Manager, which can be exploited by malicious users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33553/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-15
A vulnerability has been reported in the Content Translation module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33550/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-15
A vulnerability has been reported in the Internationalization (i18n) Translation module for Drupal, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33549/
Critical: Less critical
Where: From remote
Impact: Privilege escalation
Released: 2009-01-15
A security issue has been reported in the Notify module for Drupal, which can be exploited by malicious users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33542/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2009-01-09
Some vulnerabilities have been discovered in Openfire, which can be exploited by malicious people to conduct cross-site scripting attacks, and by malicious users to conduct script insertion attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33452/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-01-14
Some vulnerabilities have been reported in IBM DB2, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33529/
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2009-01-13
A security issue has been reported in RackTables, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33463/