Report date: February 02, 2009
Date posted: February 02, 2009
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.
None relevant
None relevant
[SA33663] MW6 Technologies Barcode ActiveX "Supplement" Buffer
[SA33645] Merak Media Player ToolTip Buffer Overflow Vulnerability
[SA33642] Apple QuickTime MPEG-2 Playback Component Input Validation
[SA33582] Symantec AppStream Client LaunchObj ActiveX Control Insecure
[SA33574] MetaProducts MetaTreeX ActiveX Control Insecure Methods
[SA33673] VooDoo cIRCle OpenSSL DSA / ECDSA "EVP_VerifyFinal()"
[SA33647] ClickAuction "txtEmail" and "txtPassword" SQL Injection
[SA33629] Web-Calendar Lite Multiple SQL Injection Vulnerabilities
[SA33604] cwRsync OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing
[SA33602] Digital Sales IPN Database Disclosure Vulnerability
[SA33601] Blog Manager SQL Injection and Cross Site Scripting
[SA33596] ActionCalendar "pass" SQL Injection Vulnerability
[SA33594] Fujitsu SystemcastWizard Lite Multiple Vulnerabilities
[SA33579] eFAQ "str_Login" and "str_Password" SQL Injection
[SA33578] eReservations "Login" and "Password" SQL Injection
[SA33575] Ping IP "txtUserName" and "txtPassword" SQL Injection
[SA33572] BlogIt! Multiple Vulnerabilities
[SA33633] Cisco Security Manager Security Bypass Vulnerability
[SA33664] FlexCell Grid ActiveX Control "SaveFile()" and
[SA33598] Microsoft Windows Mobile Bluetooth Stack OBEX Directory
[SA33597] FTPShell Server License Key Buffer Overflow Vulnerability
[SA33591] SmartVMD ActiveX Control Multiple Insecure Methods
[SA33588] Cisco Unified Communications Manager CAPF Denial of Service
[SA33566] Syslserve UDP Request Denial of Service Vulnerability
[SA33609] Trend Micro OfficeScan Client Firewall Multiple
[SA33710] SUSE update for IBMJava5-JRE and java-1_5_0-ibm
[SA33709] Ubuntu update for openjdk-6
[SA33696] Sun Solaris Samba "receive_smb_raw()" Buffer Overflow
[SA33679] Debian update for typo3-src
[SA33676] Ubuntu update for xine-lib
[SA33640] Fedora update for amarok
[SA33613] Debian update for git
[SA33607] GIT "gitweb" Command Injection Vulnerabilities
[SA33568] SUSE Update for Multiple Packages
[SA33722] Sun Solaris "libxml2" XML Processing Vulnerability
[SA33715] Avaya CMS Solaris "libxml2" XML Processing Vulnerability
[SA33714] HP MPE/iX DNS Cache Poisoning Vulnerability
[SA33702] Avaya CMS Solaris "libike" Library Denial of Service
[SA33699] Debian update for rt2400, rt2500, and rt2570
[SA33689] Fedora update for vnc
[SA33677] Fedora update for tor
[SA33675] Ubuntu update for ktorrent
[SA33659] SUSE update for openssl
[SA33653] Debian update for ganglia-monitor-core
[SA33644] Sun Solaris "libike" Library Denial of Service
[SA33637] Fedora update for DevIL
[SA33636] Ubuntu update for vim
[SA33627] mod-auth-mysql SQL Injection Vulnerability
[SA33621] rPath update for perl
[SA33618] rPath update for openssl
[SA33614] Gentoo update for pidgin
[SA33608] SCMS Simple Content Management System "p" Local File
[SA33605] Sun Solaris IPv6 Denial of Service Vulnerability
[SA33581] DKIM-MILTER "p" Revoked Keys Denial of Service
[SA33723] Sun Solaris mod_perl Denial of Service Vulnerability
[SA33720] Sun Solaris mod_perl Denial of Service Vulnerability
[SA33716] Debian update for moin
[SA33687] No-IP Dynamic Update Client Information Disclosure
[SA33685] SAP NetWeaver Cross-Site Scripting Vulnerability
[SA33683] Sun Solaris BIND "EVP_VerifyFinal()" and "DSA_do_verify()"
[SA33678] Fedora update for ntp
[SA33674] Fedora update for kernel
[SA33651] Web Help Desk Cross-Site Scripting Vulnerability
[SA33648] Red Hat update for ntp
[SA33641] SUSE update for kernel
[SA33638] Fedora update for uw-imap
[SA33624] Red Hat update for dovecot
[SA33620] rPath update for bind
[SA33619] rPath update for ntp
[SA33615] SUSE update for kernel
[SA33611] Red Hat update for squirrelmail
[SA33610] Gentoo update for noip-updater
[SA33600] SUSE update for bind
[SA33631] Gentoo update for net-snmp
[SA33706] Ubuntu update for kernel
[SA33703] Fedora update for dia
[SA33693] Red Hat Certificate Server Information Disclosure and
[SA33672] Dia Insecure Python Module Search Path Vulnerability
[SA33665] Sun Solaris "autofs" Kernel Module Denial of Service and
[SA33630] Gentoo update for scilab
[SA33586] Red Hat update for kernel
[SA33567] Ubuntu update for tar
[SA33628] Avaya CMS Solaris "rpc.metad" Denial of Service
[SA33727] Sun Solaris IP-in-IP Processing Denial of Service
[SA33708] Avaya CMS Solaris Pseudo-Terminal Driver Denial of Service
[SA33705] Avaya CMS Solaris "lpadmin" and "ppdmgr" Denial of Service
[SA33662] Sun Solaris Pseudo-Terminal Driver Denial of Service
[SA33656] Linux Kernel dell_rbu Denial of Service Security Issues
[SA33639] Fedora update for moodle
[SA33623] Red Hat update for kernel
[SA33569] Linux Kernel "keyctl_join_session_keyring()" Denial of
[SA33616] Sony Ericsson Phones WAP Push Denial of Service
[SA33726] Sun Fire X2100 / X2200 Embedded Lights Out Manager Security
[SA33585] Sun SPARC Enterprise M4000 / M5000 Server XSCFU Security
[SA33603] AXIS 70U Network Document Server File Inclusion and
[SA33711] FFmpeg 4xm Processing Memory Corruption Vulnerability
[SA33691] WB News "config[installdir]" Multiple File Inclusion
[SA33650] GStreamer Good Plug-ins QuickTime Processing Vulnerabilities
[SA33632] Apple QuickTime Multiple Vulnerabilities
[SA33617] Typo3 Multiple Vulnerabilities
[SA33564] GNUBoard "g4_path" File Inclusion Vulnerability
[SA33719] IMP Cross-Site Scripting and Script Insertion
[SA33701] SocialEngine "category_id" SQL Injection Vulnerability
[SA33695] Horde / Horde Groupware Cross-Site Scripting and File
[SA33690] Pixie CMS Multiple Local File Inclusion Vulnerabilities
[SA33686] Gazelle CMS "template" Local File Inclusion Vulnerability
[SA33671] VirtueMart Multiple SQL Injection Vulnerabilities
[SA33669] GameScript Cross-Site Scripting and SQL Injection
[SA33666] ITLPoll "id" SQL Injection Vulnerability
[SA33661] Script Toko Online "cat_id" SQL Injection Vulnerability
[SA33660] SHOP-INET "grid" SQL Injection Vulnerability
[SA33658] Max.Blog "username" SQL Injection Vulnerability
[SA33654] Wazzum Dating Software "userid" SQL Injection Vulnerability
[SA33652] KEEP Toolkit "patUser.php" SQL Injection Vulnerability
[SA33649] GLinks "cat" SQL Injection Vulnerability
[SA33646] Joomla Flash Magazine Deluxe Component "mag_id" SQL
[SA33643] Futomi's CGI Cafe Search CGI Password Reset Vulnerability
[SA33635] Tor Unspecified Memory Corruption Vulnerability
[SA33626] MemHT Portal Avatar File Upload Vulnerability
[SA33625] Flax Article Manager "cat_id" SQL Injection Vulnerability
[SA33622] RoundCube Webmail Script Insertion Vulnerability
[SA33612] Joomla BazaarBuilder Shopping Cart Component "cid" SQL
[SA33606] FhImage PHP Code Execution Vulnerability
[SA33595] Free Bible Search PHP Script SQL Injection Vulnerability
[SA33592] Ralink Wireless Drivers Probe Request Processing
[SA33590] Max.Blog Security Bypass and SQL Injection
[SA33589] AJ Auction Pro "id" SQL Injection Vulnerability
[SA33587] Dodo's Quiz Script "n" Local File Inclusion Vulnerability
[SA33584] RCBlog "password.txt" Information Disclosure Security Issue
[SA33583] AV Book Library Multiple SQL Injection Vulnerabilities
[SA33580] PHPads Multiple Vulnerabilities
[SA33573] Ninja Blog "cat" File Inclusion Vulnerability
[SA33570] AJ Classifieds Multiple Products File Upload Vulnerability
[SA33563] Joomla Eventing Component "catid" SQL Injection
[SA33562] Joomla RD-Autos Component "id" SQL Injection Vulnerability
[SA33667] EMC AutoStart Backbone Engine Code Execution Vulnerability
[SA33713] HP Select Access Cross-Site Scripting Vulnerability
[SA33698] Domain Technologie Control Multiple SQL Injection
[SA33697] GraphicsMagick DIB and BMP Denial of Service Vulnerabilities
[SA33684] ConPresso CMS Session Fixation and Cross-Site Scripting
[SA33680] GLPI SQL Injection Vulnerabilities
[SA33670] Simple Machines Forum "packages.xml" Cross-Site Scripting
[SA33668] CA Cohesion Application Configuration Manager Apache Tomcat
[SA33657] Piggydb Cross-Site Scripting Vulnerability
[SA33655] htmLawed Unspecified Cross-Site Scripting Vulnerabilities
[SA33599] Fedora update for drupal
[SA33593] MoinMoin Multiple Cross Site Scripting Vulnerabilities
[SA33577] Joomla! WebAmoeba Ticket System Component "catid" SQL
[SA33576] Apache Jackrabbit webapp Cross-Site Scripting
[SA33565] LemonLDAP::NG User Enumeration and Cross-Site Scripting
[SA33712] CA Anti-Virus Engine Archive Files Detection Bypass
[SA33688] Sun Java System Access Manager User Enumeration Weakness
Secunia Bulletin - 2008-56
CERT Bulletin - SB08-392
BULLETIN DETAIL
Secunia Bulletin
Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-27
Houssamix has discovered a vulnerability in the MW6 Technologies
Barcode ActiveX control, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33663/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-26
Houssamix has discovered a vulnerability in Merak Media Player, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33645/
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-22
A vulnerability has been reported in the Apple QuickTime MPEG-2
Playback component, which can potentially be exploited by malicious
people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33642/
Methods
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-16
A vulnerability has been reported in Symantec AppStream Client, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33582/
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2009-01-19
Houssamix has discovered two vulnerabilities in MetaProducts MetaTreeX
Control, which can be exploited by malicious people to overwrite
arbitrary files and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33574/
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-26
A vulnerability has been reported in VooDoo cIRCle, which can be
exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33673/
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-27
R3d D3v!L has reported some vulnerabilities in ClickAuction, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33647/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-26
ByALBAYX has reported some vulnerabilities in Web-Calendar Lite, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33629/
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-19
A vulnerability has been reported in cwRsync, which can be exploited by
malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33604/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-01-19
Moudi has discovered a vulnerability in Digital Sales IPN, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33602/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2009-01-19
Pouya_Server has reported some vulnerabilities in Blog Manager, which
can be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33601/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-19
A vulnerability has been reported in ActionCalendar, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33596/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, DoS, System access
Released: 2009-01-20
Some vulnerabilities have been reported in Fujitsu SystemcastWizard
Lite, which can be exploited by malicious people to disclose sensitive
information or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33594/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-19
ByALBAYX has reported some vulnerabilities in eFAQ, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33579/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-19
ByALBAYX has reported some vulnerabilities in eReservations, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33578/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-19
ByALBAYX has reported two vulnerabilities in Ping IP, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33575/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2009-01-19
Some vulnerabilities have been discovered in BlogIt!, which can be
exploited by malicious people to conduct SQL injection and cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/33572/
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, Manipulation of data
Released: 2009-01-22
A vulnerability has been reported in Cisco Security Manager, which can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/33633/
"ExportToXML()" Insecure Methods
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
Houssamix has discovered two vulnerabilities in the FlexCell Grid
ActiveX control, which can be exploited by malicious people to
overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/33664/
Traversal
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information
Released: 2009-01-27
Alberto Moreno Tablado has reported a vulnerability in Microsoft
Windows Mobile, which can be exploited by malicious users to disclose
sensitive information and bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33598/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2009-01-23
Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in FTPShell
Server, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/33597/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-21
Houssamix has discovered two vulnerabilities in SmartVMD ActiveX
Control, which can be exploited by malicious people to overwrite and
delete arbitrary files.
Full Advisory:
http://secunia.com/advisories/33591/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-01-22
A vulnerability has been reported in Cisco Unified Communications
Manager, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/33588/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-01-16
Rob Kraus has reported a vulnerability in Syslserve, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33566/
Vulnerabilities
Critical: Less critical
Where: Local system
Impact: Security Bypass, Privilege escalation, DoS
Released: 2009-01-20
Secunia Research has discovered some vulnerabilities in Trend Micro
OfficeScan Client, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), bypass certain security features, and
potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33609/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released: 2009-01-29
SUSE has issued an update for IBMJava5-JRE and java-1_5_0-ibm. This
fixes some vulnerabilities, which can be exploited by malicious people
to bypass certain security restrictions, disclose sensitive
information, cause a DoS (Denial of service), or compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/33710/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS, System access
Released: 2009-01-29
Ubuntu has issued an update for openjdk-6. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, disclose sensitive information, cause a
DoS (Denial of service), or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33709/
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-29
Sun has acknowledged a vulnerability in Samba in Solaris, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33696/
Critical: Highly critical
Where: From remote
Impact: Hijacking, Security Bypass, Cross Site Scripting, System
access
Released: 2009-01-27
Debian has issued an update for typo3-src. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and session
fixation attacks, and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33679/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-27
Ubuntu has issued an update for xine-lib. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33676/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-22
Fedora has issued an update for amarok. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33640/
Critical: Highly critical
Where: From remote
Impact: Privilege escalation
Released: 2009-01-20
Debian has issued an update for git. This fixes a security issue and
some vulnerabilities, which can be exploited by malicious, local users
to gain escalated privileges, and by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/33613/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-20
Some vulnerabilities have been reported in GIT, which can be exploited
by malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33607/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
Released: 2009-01-19
SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
potentially gain escalated privileges, bypass certain security
restrictions, or cause a DoS (Denial of Service), and by malicious
people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33568/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-29
Sun has acknowledged a vulnerability in libxml2 in Solaris, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33722/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-29
Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33715/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-29
HP has acknowledged a vulnerability in MPE/iX, which can be exploited
by malicious people to poison the DNS cache.
Full Advisory:
http://secunia.com/advisories/33714/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-29
Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33702/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-29
Debian has issued an update for rt2400, rt2500, and rt2570. This fixes
a vulnerability, which can be exploited to cause a DoS (Denial of
Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33699/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-27
Fedora has issued an update for vnc. This fixes a vulnerability, which
can potentially be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/33689/
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2009-01-26
Fedora has issued an update for tor. This fixes a vulnerability with an
unknown impact.
Full Advisory:
http://secunia.com/advisories/33677/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, System access
Released: 2009-01-27
Ubuntu has issued an update for ktorrent. This fixes some
vulnerabilities, which can be exploited by malicious users to
compromise a vulnerable system and malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/33675/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-26
SUSE has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.
Full Advisory:
http://secunia.com/advisories/33659/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-26
Debian has issued an update for ganglia-monitor-core. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33653/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-28
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33644/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-22
Fedora has issued an update for DevIL. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise an application
using the library.
Full Advisory:
http://secunia.com/advisories/33637/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-27
Ubuntu has issued an update for vim. This fixes a weakness and a
vulnerability, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/33636/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-23
A vulnerability has been reported in mod-auth-mysql, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33627/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2009-01-21
rPath has issued an update for perl. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges and by malicious people to cause a DoS (Denial of Service)
and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33621/
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-01-21
rPath has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to conduct spoofing
attacks.
Full Advisory:
http://secunia.com/advisories/33618/
Critical: Moderately critical
Where: From remote
Impact: Spoofing, DoS, System access
Released: 2009-01-21
Gentoo has issued an update for pidgin. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to conduct spoofing attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33614/
Inclusion
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-01-19
A vulnerability has been discovered in SCMS Simple Content Management
System, which can be exploited by malicious people to disclose
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/33608/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-26
Kingcope has discovered a vulnerability in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33605/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-19
A vulnerability has been reported in DKIM-MILTER, which can be
exploited by malicious people to conduct DoS (Denial of Service)
attacks.
Full Advisory:
http://secunia.com/advisories/33581/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-01-29
Sun has acknowledged a vulnerability in Sun Solaris, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33723/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-01-29
Sun has acknowledged a vulnerability in Sun Solaris, which can
potentially be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33720/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-29
Debian has issued an update for moin. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/33716/
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-01-29
A security issue has been reported in No-IP Dynamic Update Client,
which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/33687/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-27
A vulnerability has been reported in SAP NetWeaver, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33685/
Spoofing Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-28
Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33683/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-26
Fedora has issued an update for ntp. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33678/
Critical: Less critical
Where: From remote
Impact: Privilege escalation, DoS
Released: 2009-01-27
Fedora has issued an update for the kernel. This fixes a security
issue, which can be exploited by malicious, local users to potentially
cause a DoS (Denial of Service) or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33674/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-26
A vulnerability has been reported in Web Help Desk, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33651/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-29
Red Hat has issued an update for ntp. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33648/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-01-22
SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), and by malicious people to cause a DoS
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33641/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-01-22
Fedora has issued an update for uw-imap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33638/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-21
Red Hat has issued an update for dovecot. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/33624/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-21
rPath has issued an update for bind. This fixes a vulnerability, which
can potentially be exploited by malicious people to conduct spoofing
attacks.
Full Advisory:
http://secunia.com/advisories/33620/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-21
rPath has issued an update for ntp. This fixes a vulnerability, which
can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33619/
Critical: Less critical
Where: From remote
Impact: Security Bypass, Privilege escalation, DoS, System access
Released: 2009-01-21
SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), bypass certain security restrictions,
and potentially gain escalated privileges, and by malicious people to
cause a DoS and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33615/
Critical: Less critical
Where: From remote
Impact: Hijacking
Released: 2009-01-20
Red Hat has issued an update for squirrelmail. This fixes a
vulnerability, which can be exploited by malicious people to conduct
session fixation attacks.
Full Advisory:
http://secunia.com/advisories/33611/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2009-01-19
Gentoo has issued an update for noip-updater. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33610/
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-01-22
SUSE has issued an update for bind. This fixes a vulnerability, which
potentially can be exploited by malicious people to conduct spoofing
attacks.
Full Advisory:
http://secunia.com/advisories/33600/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-01-22
Gentoo has issued an update for net-snmp. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33631/
Critical: Less critical
Where: Local system
Impact: DoS
Released: 2009-01-29
Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33706/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-27
Fedora has issued an update for dia. This fixes a vulnerability, which
can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/33703/
Critical: Less critical
Where: Local system
Impact: Security Bypass, Exposure of sensitive information
Released: 2009-01-29
Red Hat has acknowledged some security issues in Red Hat Certificate
Server, which can be exploited by malicious, local users to bypass
certain security restrictions and to disclose potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/33693/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-27
A vulnerability has been reported in Dia, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33672/
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2009-01-28
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
and potentially to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33665/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-22
Gentoo has issued an update for scilab. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33630/
Critical: Less critical
Where: Local system
Impact: Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released: 2009-01-22
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, bypass certain security
restrictions, potentially gain escalated privileges, and cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/33586/
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2009-01-16
Ubuntu has issued an update for tar. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33567/
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2009-01-22
Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33628/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-29
Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33727/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-29
Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33708/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-29
Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33705/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-28
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33662/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-26
Two security issues have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33656/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2009-01-22
Fedora has issued an update for moodle. This fixes some security
issues, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33639/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-21
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33623/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-01-19
A vulnerability has been reported in the Linux Kernel, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/33569/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2009-01-29
A vulnerability has been reported in various Sony Ericsson phones,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/33616/
Critical: Moderately critical
Where: From local network
Impact: Security Bypass
Released: 2009-01-29
A vulnerability has been reported in Sun Fire X2100 and X2200 M2
Server, which can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/33726/
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, System access
Released: 2009-01-22
A vulnerability has been reported in Sun SPARC M4000 / M5000 Server,
which can be exploited by malicious people to bypass certain security
restrictions and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33585/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Privilege escalation
Released: 2009-01-22
Some vulnerabilities have been reported in AXIS 70U Network Document
Server, which can be exploited by malicious users to gain escalated
privileges and by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/33603/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-29
Tobias Klein has reported a vulnerability in FFmpeg, which potentially
can be exploited by malicious people to compromise an application using
the library.
Full Advisory:
http://secunia.com/advisories/33711/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-27
HACKERS PAL has discovered some vulnerabilities in WB News, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33691/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-23
Tobias Klein has reported some vulnerabilities in GStreamer Good
Plug-ins, which can potentially be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33650/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-01-22
Some vulnerabilities have been reported in Apple QuickTime, which can
be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33632/
Critical: Highly critical
Where: From remote
Impact: Hijacking, Security Bypass, Cross Site Scripting, System
access
Released: 2009-01-21
Some vulnerabilities have been reported in Typo3, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting and session fixation attacks, and
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33617/
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2009-01-16
flyh4t has discovered a vulnerability in GNUBoard, which can be
exploited by malicious people to disclose sensitive information or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33564/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-28
Some vulnerabilities have been reported in IMP, which can be exploited
by malicious people to conduct cross-site scripting or script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/33719/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-29
Snakespc has discovered a vulnerability in SocialEngine, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33701/
Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2009-01-28
Some vulnerabilities have been reported in Horde and Horde Groupware,
which can be exploited by malicious people to conduct cross-site
scripting attacks and disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/33695/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2009-01-28
DSecRG has discovered some vulnerabilities in Pixie CMS, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33690/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2009-01-28
fuzion has discovered a vulnerability in Gazelle CMS, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33686/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
Some vulnerabilities have been discovered in VirtueMart, which can be
exploited by malicious people and users to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/33671/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2009-01-28
Encrypt3d.M!nd has reported some vulnerabilities in GameScript, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33669/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
fuzion has discovered a vulnerability in ITLPoll, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33666/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
k1n9k0ng has reported a vulnerability in Script Toko Online, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33661/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
A vulnerability has been reported in SHOP-INET, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33660/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-29
A vulnerability has been discovered in Max.Blog, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33658/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
nuclear has reported a vulnerability in Wazzum Dating Software, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33654/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-26
A vulnerability has been reported in KEEP Toolkit, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33652/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
nuclear has discovered a vulnerability in GLinks, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33649/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
TurkGuvenligi has reported a vulnerability in the Flash Magazine Deluxe
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33646/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-23
A vulnerability has been reported in Futomi's CGI Cafe Search CGI,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/33643/
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2009-01-22
A vulnerability with an unknown impact has been reported in Tor.
Full Advisory:
http://secunia.com/advisories/33635/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-26
A vulnerability has been discovered in MemHT Portal, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33626/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-26
jiko has reported a vulnerability in Flax Article Manager, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33625/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-21
Julien Cayssol has reported a vulnerability in RoundCube Webmail, which
can be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/33622/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-22
XaDoS has reported a vulnerability in the BazaarBuilder Shopping Cart
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33612/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-21
Osirys has discovered a vulnerability in FhImage, which can be
exploited by malicious users to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33606/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-20
A vulnerability has been reported in Free Bible Search PHP Script,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/33595/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-01-23
A vulnerability has been reported in Ralink Technology Wireless
Drivers, which can be exploited to cause a DoS (Denial of Service) or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33592/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-01-21
Some vulnerabilities have been discovered in Max.Blog, which can be
exploited by malicious people to bypass certain security restrictions
and conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33590/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-21
Snakespc has reported a vulnerability in AJ Auction Pro, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33589/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2009-01-21
cOndemned has discovered a vulnerability in Dodo's Quiz Script, which
can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/33587/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation
Released: 2009-01-20
Danny Moules has discovered a security issue in RCBlog, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33584/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-19
Some vulnerabilities have been reported in AV Book Library, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33583/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of
sensitive information
Released: 2009-01-20
Danny Moules has discovered a security issue and a vulnerability in
PHPads, which can be exploited by malicious people to disclose
sensitive information and by malicious users to conduct script
insertion attacks.
Full Advisory:
http://secunia.com/advisories/33580/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2009-01-20
Danny Moules has discovered a vulnerability in Ninja Blog, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33573/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2009-01-21
A vulnerability has been reported in multiple AJ Classifieds products,
which can be exploited by malicious users to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/33570/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-16
Cyb3R-1st has reported a vulnerability in the Eventing component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/33563/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-16
H!tm@N has discovered a vulnerability in the RD-Autos component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/33562/
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2009-01-26
A vulnerability has been reported in EMC AutoStart, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33667/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-29
A vulnerability has been reported in HP Select Access, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33713/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-28
Some vulnerabilities have been reported in Domain Technologie Control,
which can be exploited by malicious users to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/33698/
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-01-28
Some vulnerabilities have been reported in GraphicsMagick, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33697/
Critical: Less critical
Where: From remote
Impact: Hijacking, Cross Site Scripting
Released: 2009-01-27
David Vieira-Kurz has discovered some vulnerabilities in ConPresso,
which can be exploited by malicious people to conduct session fixation
and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33684/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-27
Some vulnerabilities have been reported in GLPI, which can be exploited
by malicious users to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33680/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-28
Xianur0 has discovered a vulnerability in Simple Machines Forum, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/33670/
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of
sensitive information, DoS
Released: 2009-01-26
CA has acknowledged some vulnerabilities in various CA Cohesion
Application Configuration Manager, which can be exploited by malicious
people to bypass certain security restrictions, disclose sensitive
information, conduct cross-site scripting attacks, or cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/33668/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-27
A vulnerability has been reported in Piggydb, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33657/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-29
Some vulnerabilities have been reported in htmLawed, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33655/
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-19
Fedora has issued an update for drupal. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/33599/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-21
Some vulnerabilities have been reported in MoinMoin, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33593/
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2009-01-20
Cyb3R-1st has reported a vulnerability in the WebAmoeba Ticket System
component for Joomla!, which can be exploited by malicious users to
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33577/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-01-20
Some vulnerabilities have been reported in Apache Jackrabbit, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/33576/
Critical: Less critical
Where: From remote
Impact: Exposure of system information, Cross Site Scripting
Released: 2009-01-16
A weakness and a vulnerability have been reported in LemonLDAP::NG,
which can be exploited by malicious people to identify valid user
accounts and conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33565/
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2009-01-28
Some weaknesses have been reported in various CA products, which can be
exploited by malware to bypass the scanning functionality.
Full Advisory:
http://secunia.com/advisories/33712/
Critical: Not critical
Where: From remote
Impact: Exposure of system information
Released: 2009-01-28
A weakness has been reported in Sun Java System Access Manager, which
can be exploited by malicious people to identify valid user accounts.
Full Advisory:
http://secunia.com/advisories/33688/