Report date: February 16, 2009 Date posted: February 16, 2009
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.
None relevant
[SA33892] Becky! Internet Mail Read Receipt Request Vulnerability
[SA33924] GeoVision Digital Video Surveillance System Directory Traversal Vulnerability
[SA33907] Craft Silicon Banking@Home "LoginName" SQL Injection
[SA33877] w3b|cms Multiple SQL Injection Vulnerabilities
[SA33874] A Better Member-Based ASP Photo Gallery "entry" SQL Injection
[SA33873] Bahar Download Script "kid" SQL Injection Vulnerability
[SA33879] FotoWeb "s" Cross-Site Scripting Vulnerability
[SA33867] Trend Micro InterScan Web Security Suite Security Bypass
[SA33869] Ubuntu update for firefox-3.0 and xulrunner-1.9
[SA33910] Red Hat update for mod_auth_mysql
[SA33906] Avaya Products OpenSSL DSA / ECDSA "EVP_VerifyFinal()"
[SA33900] Ubuntu update for firefox
[SA33871] Debian update for typo3-src
[SA33864] Red Hat update for netpbm
[SA33859] Red Hat update for vnc
[SA33917] Debian update for libpam-krb5
[SA33912] Debian update for phpmyadmin
[SA33902] Ubuntu update for firefox
[SA33897] Debian update for boinc
[SA33890] Fail2ban "wuftpd.conf" Denial of Service Vulnerability
[SA33886] Novell Open Enterprise Server QuickFinder Cross-Site Scripting Vulnerabilities
[SA33882] Avaya CMS BIND "EVP_VerifyFinal()" and "DSA_do_verify()"
[SA33858] Red Hat update for kernel
[SA33884] Net-snmp TCP Wrapper Information Disclosure Vulnerability
[SA33915] IBM AIX "at" Command Privilege Escalation Vulnerability
[SA33914] pam-krb5 File Overwrite and Privilege Escalation
[SA33905] Avaya CMS Solaris "autofs" Kernel Module Vulnerability
[SA33870] Wicd D-Bus Configuration Information Disclosure Security Issue
[SA33868] libvirt "proxyReadClientSocket()" Buffer Overflow Vulnerability
[SA33918] Debian update for libpam-heimdal
[SA33904] Avaya CMS Solaris IP Minor Numbers Denial of Service Vulnerability
[SA33903] Avaya CMS Solaris IP-in-IP Processing Denial of Service Vulnerability
[SA33885] Gentoo update for sudo
[SA33860] HP-UX NFS Denial of Service Vulnerability
[SA33896] Netgear SSL312 Web Interface Denial of Service Vulnerability
[SA33866] AdaptCMS Lite File Inclusion and Cross-Site Scripting
[SA33865] SnippetMaster File Inclusion and Cross-Site Scripting Vulnerabilities
[SA33922] Graugon Gallery Security Bypass and SQL Injection
[SA33920] Den Dating Website Script "txtlookgender" SQL Injection
[SA33911] Papoo CMS "pfadhier" Local File Inclusion Vulnerability
[SA33908] Auth PHP "username" SQL Injection Vulnerability
[SA33899] PHP-Calendar Two Information Disclosure Security Issues
[SA33893] ilchClan "X-Forwarded-For" SQL Injection Vulnerability
[SA33883] If-CMS "id" SQL Injection Vulnerability
[SA33880] Tor Multiple Vulnerabilities
[SA33878] glFusion "username" Script Insertion Vulnerability
[SA33876] Calendarix Basic "login" SQL Injection Vulnerabilities
[SA33875] BusinessSpace "id" SQL Injection Vulnerability
[SA33872] Wireshark NetScreen Snoop Capture File Buffer Overflow Vulnerability
[SA33863] Zeroboard XE "content" Script Insertion Vulnerability
[SA33862] Yet Another NOCC "lang" Local File Inclusion Vulnerability
[SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities
[SA33919] Drupal Advertisement Module Script Insertion Vulnerability
[SA33894] Sajax "sajax_get_common_js()" Cross-Site Scripting Vulnerability
[SA33891] Trend Micro InterScan Web Security "Proxy-Authorization"
[SA33888] Pebble Cross-Site Scripting Vulnerability
[SA33887] SilverNews "section" Local File Inclusion Vulnerability
[SA33856] Thyme "phpinfo.php" Information Disclosure
[SA33898] Drupal "Administer Content Types" Permission Security Issue
[SA33881] MediaWiki Installer Cross-Site Scripting Vulnerabilities
Secunia Bulletin - 2009-7
CERT Bulletin - SB09-047
BULLETIN DETAIL
Secunia Bulletin
[SA33892] Becky! Internet Mail Read Receipt Request Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2009-02-12
A vulnerability has been reported in Becky! Internet Mail, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33892/
[SA33924] GeoVision Digital Video Surveillance System Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-02-12
Dejan Levaja has reported a vulnerability in GeoVision Digital Video Surveillance System, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33924/
[SA33907] Craft Silicon Banking@Home "LoginName" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-11
Francesco Bianchino has reported a vulnerability in Craft Silicon Banking@Home, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33907/
[SA33877] w3b|cms Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-02-11
DNX has reported some vulnerabilities in w3b|cms, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33877/
[SA33874] A Better Member-Based ASP Photo Gallery "entry" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-10
BackDoor has discovered a vulnerability in A Better Member-Based ASP Photo Gallery, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33874/
[SA33873] Bahar Download Script "kid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-12
CyberGrup Lojistik has reported a vulnerability in Bahar Download Script, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33873/
[SA33879] FotoWeb "s" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-09
A vulnerability has been reported in FotoWeb, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33879/
[SA33867] Trend Micro InterScan Web Security Suite Security Bypass
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2009-02-09
Julien Cayssol has reported a vulnerability in Trend Micro InterScan Web Security Suite, which can be exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33867/
[SA33869] Ubuntu update for firefox-3.0 and xulrunner-1.9
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2009-02-11
Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially disclose sensitive information, and by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, disclose sensitive information, or potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33869/
[SA33910] Red Hat update for mod_auth_mysql
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-12
Red Hat has issued an update for mod_auth_mysql. This fixes a vulnerability, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33910/
[SA33906] Avaya Products OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2009-02-09
Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33906/
[SA33900] Ubuntu update for firefox
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2009-02-11
Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33900/
[SA33871] Debian update for typo3-src
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2009-02-11
Debian has issued an update for typo3-src. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33871/
[SA33864] Red Hat update for netpbm
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-12
Red Hat has issued an update for netpbm. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/33864/
[SA33859] Red Hat update for vnc
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-12
Red Hat has issued an update for vnc. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33859/
[SA33917] Debian update for libpam-krb5
Critical: Less critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2009-02-12
Debian has issued an update for libpam-krb5. This fixes some vulnerabilities, which can be exploited by malicious, local users to overwrite files and to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33917/
[SA33912] Debian update for phpmyadmin
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-12
Debian has issued an update for phpmyadmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/33912/
[SA33902] Ubuntu update for firefox
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2009-02-11
Ubuntu has issued an update for firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/33902/
[SA33897] Debian update for boinc
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-02-09
Debian has issued an update for boinc. This fixes a vulnerability, which can potentially be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33897/
[SA33890] Fail2ban "wuftpd.conf" Denial of Service Vulnerability
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2009-02-11
A vulnerability has been reported in Fail2ban, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33890/
[SA33886] Novell Open Enterprise Server QuickFinder Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-12
Ivan Sanchez has reported some vulnerabilities in Novell QuickFinder Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33886/
[SA33882] Avaya CMS BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spoofing Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2009-02-09
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/33882/
[SA33858] Red Hat update for kernel
Critical: Less critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-11
Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), and by malicious people to cause a DoS or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33858/
[SA33884] Net-snmp TCP Wrapper Information Disclosure Vulnerability
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-02-12
A vulnerability has been reported in Net-snmp, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33884/
[SA33915] IBM AIX "at" Command Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2009-02-11
A vulnerability has been reported in AIX, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33915/
[SA33914] pam-krb5 File Overwrite and Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Manipulation of data, Privilege escalation
Released: 2009-02-12
Some vulnerabilities have been reported in pam-krb5, which can be exploited by malicious, local users to overwrite files and to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33914/
[SA33905] Avaya CMS Solaris "autofs" Kernel Module Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2009-02-09
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33905/
[SA33870] Wicd D-Bus Configuration Information Disclosure Security Issue
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2009-02-09
A security issue has been reported in Wicd, which can be exploited by malicious, local users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33870/
[SA33868] libvirt "proxyReadClientSocket()" Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2009-02-11
A vulnerability has been reported in libvirt, which can be exploited by malicious, local users to potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33868/
[SA33918] Debian update for libpam-heimdal
Critical: Not critical
Where: From remote
Impact: Manipulation of data, Privilege escalation
Released: 2009-02-12
Debian has issued an update for libpam-heimdal. This fixes a vulnerability, which can be exploited by malicious, local users to overwrite files and potentially to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33918/
[SA33904] Avaya CMS Solaris IP Minor Numbers Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-02-09
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33904/
[SA33903] Avaya CMS Solaris IP-in-IP Processing Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-02-09
Avaya has acknowledged a vulnerability in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33903/
[SA33885] Gentoo update for sudo
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2009-02-09
Gentoo has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/33885/
[SA33860] HP-UX NFS Denial of Service Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2009-02-06
A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33860/
[SA33896] Netgear SSL312 Web Interface Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2009-02-11
Rembrandt has reported a vulnerability in Netgear SSL312, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33896/
[SA33866] AdaptCMS Lite File Inclusion and Cross-Site Scripting
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Released: 2009-02-10
RoMaNcYxHaCkEr has discovered some vulnerabilities in AdaptCMS Lite, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33866/
[SA33865] SnippetMaster File Inclusion and Cross-Site Scripting Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Released: 2009-02-10
RoMaNcYxHaCkEr has discovered some vulnerabilities in SnippetMaster, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33865/
[SA33922] Graugon Gallery Security Bypass and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2009-02-12
x0r has discovered some vulnerabilities in Graugon Gallery, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33922/
[SA33920] Den Dating Website Script "txtlookgender" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-12
nuclear has reported a vulnerability in Den Dating Website Script, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33920/
[SA33911] Papoo CMS "pfadhier" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-02-11
SirGod has discovered a vulnerability in Papoo CMS, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33911/
[SA33908] Auth PHP "username" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-11
x0r has discovered a vulnerability in Auth PHP, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33908/
[SA33899] PHP-Calendar Two Information Disclosure Security Issues
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-02-09
Two security issues have been reported in PHP-Calendar, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33899/
[SA33893] ilchClan "X-Forwarded-For" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-09
Gizmore has discovered a vulnerability in ilchClan, which can be exploited by malicious people to conduct SQL Injection attacks.
Full Advisory:
http://secunia.com/advisories/33893/
[SA33883] If-CMS "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-10
darkjoker has discovered a vulnerability in If-CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33883/
[SA33880] Tor Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS
Released: 2009-02-10
Some vulnerabilities have been reported in Tor, where one has an unknown impact and others can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/33880/
[SA33878] glFusion "username" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-09
A vulnerability has been reported in glFusion, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33878/
[SA33876] Calendarix Basic "login" SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2009-02-12
Two vulnerabilities have been reported in Calendarix Basic, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33876/
[SA33875] BusinessSpace "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2009-02-10
M.Hasran Addahroni has reported a vulnerability in BusinessSpace, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/33875/
[SA33872] Wireshark NetScreen Snoop Capture File Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2009-02-09
A vulnerability has been reported in Wireshark, which can be exploited by malicious people to potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/33872/
[SA33863] Zeroboard XE "content" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-11
make0day has discovered a vulnerability in Zeroboard XE, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33863/
[SA33862] Yet Another NOCC "lang" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2009-02-10
Kacper has discovered a vulnerability in Yet Another NOCC, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33862/
[SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive information, System access
Released: 2009-02-06
Some vulnerabilities have been reported in HP OpenView Network Node Manager, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/33857/
[SA33919] Drupal Advertisement Module Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-12
Justin C. Klein Keane has reported a vulnerability in the Advertisement module for Drupal, which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/33919/
[SA33894] Sajax "sajax_get_common_js()" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-10
Daniel Toma has discovered a vulnerability in Sajax, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33894/
[SA33891] Trend Micro InterScan Web Security "Proxy-Authorization" Information Disclosure
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-02-12
david.vorel has reported a vulnerability in Trend Micro InterScan Web Security Suite and Trend Micro InterScan Web Security Virtual Appliance, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33891/
[SA33888] Pebble Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-11
A vulnerability has been reported in Pebble, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33888/
[SA33887] SilverNews "section" Local File Inclusion Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2009-02-09
x0r has discovered a vulnerability in SilverNews, which can be exploited by malicious users to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33887/
[SA33856] Thyme "phpinfo.php" Information Disclosure
Critical: Less critical
Where: From remote
Impact: Exposure of system information
Released: 2009-02-11
cheverok has discovered a security issue in Thyme, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/33856/
[SA33898] Drupal "Administer Content Types" Permission Security Issue
Critical: Not critical
Where: From remote
Impact: Privilege escalation
Released: 2009-02-12
A security issue has been reported in Drupal, which can lead to unauthorised users performing actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/33898/
[SA33881] MediaWiki Installer Cross-Site Scripting Vulnerabilities
Critical: Not critical
Where: From remote
Impact: Cross Site Scripting
Released: 2009-02-09
Some vulnerabilities have been reported in MediaWiki, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/33881/