Cal Poly Pomona

Latest Unix and Other Bulletins

Report date: November 03, 2008  Date posted: November 03, 2008

This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.

At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.

Tip: highlight any link below to reveal the criticality or priority.

    SANS Bulletin - Vol 7 Num 43

    Secunia Bulletin - 2008-44

    CERT Bulletin - SB08-308

    None relevant

    BULLETIN DETAIL


    Secunia Bulletin

    back  [SA32455] Blaze Media Pro NMSDVDX ActiveX Control Insecure Methods

    Critical:  Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-10-28

    A vulnerability has been reported in Blaze Media Pro, which can be exploited by malicious people to potentially compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32455/


    back  [SA32411] TUGzip .zip File Buffer Overflow Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-10-28

    Stefan Marin has discovered a vulnerability in TUGzip, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32411/


    back  [SA32414] Persia BME E-Catalogue "q" SQL Injection

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-10-29

    AmnPardaz Security Research Team have reported a vulnerability in Persia BME E-Catalogue, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32414/


    back  [SA32409] Ocean12 Products .mdb Database Disclosure Security Issues

    Critical:  Moderately critical
    Where: From remote
    Impact: Exposure of sensitive information
    Released: 2008-10-28

    Pouya_Server has reported some security issues in multiple Ocean12 products, which can be exploited by malicious people to disclose potentially sensitive information.

    Full Advisory:
    http://secunia.com/advisories/32409/


    back  [SA32395] Novell eDirectory NCP Unspecified Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Unknown
    Released: 2008-10-28

    A vulnerability with an unknown impact has been reported in Novell eDirectory.

    Full Advisory:
    http://secunia.com/advisories/32395/


    back  [SA32444] Citrix Web Interface Improper Session Termination Security Issue

    Critical:  Less critical
    Where: Local system
    Impact: Security Bypass
    Released: 2008-10-28

    A security issue has been reported in Citrix Web Interface, which can be exploited by malicious, local users to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32444/


    back  [SA32461] Debian update for openoffice.org

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-10-30

    Debian has issued an update for openoffice.org. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32461/


    back  [SA32436] Red Hat update for java-1.6.0-ibm

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS, System access
    Released: 2008-10-27

    Red Hat has issued an update for java-1.6.0-ibm. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose system information or potentially sensitive information, cause a DoS (Denial of Service), or compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32436/


    back  [SA32402] Ads Pro "page" Command Execution Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-10-28

    S0l1D has reported a vulnerability in Ads Pro, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32402/


    back  [SA32400] Ubuntu update for moodle

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, System access
    Released: 2008-10-24

    Ubuntu has issued an update for moodle. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32400/


    back  [SA32394] SUSE Update for Multiple Packages

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access
    Released: 2008-10-24

    SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious people to conduct script insertion attacks, bypass certain security restrictions, disclose system and potentially sensitive information, or potentially to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32394/


    back  [SA32454] rPath update for pcre

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-10-28

    rPath has issued an update for pcre. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

    Full Advisory:
    http://secunia.com/advisories/32454/


    back  [SA32453] rPath update for libxslt

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-10-28

    rPath has issued an update for libxslt. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

    Full Advisory:
    http://secunia.com/advisories/32453/


    back  [SA32448] Red Hat update for flash-plugin

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Manipulation of data, Exposure of sensitive information
    Released: 2008-10-29

    Red Hat has issued an update for flash-plugin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and manipulate certain data.

    Full Advisory:
    http://secunia.com/advisories/32448/


    back  [SA32447] KTorrent 2 Web Interface Torrent Upload and PHP Code Injection

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, System access
    Released: 2008-10-29

    Some vulnerabilities have been reported in KTorrent, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32447/


    back  [SA32442] KTorrent Web Interface Torrent Upload and PHP Code Injection

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, System access
    Released: 2008-10-27

    Some vulnerabilities have been discovered in KTorrent, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32442/


    back  [SA32437] Red Hat update for java-1.5.0-ibm

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-10-27

    Red Hat has issued an update for java-1.5.0-ibm. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32437/


    back  [SA32430] Venalsur Booking Centre SQL Injection and Cross-Site Scripting

    Critical:  Moderately critical
    Where: From remote
    Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information
    Released: 2008-10-30

    d3b4g has reported two vulnerabilities in Venalsur Booking Centre, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32430/


    back  [SA32424] Debian update for clamav

    Critical:  Moderately critical
    Where: From remote
    Impact: Unknown, DoS
    Released: 2008-10-27

    Debian has issued an update for clamav. This fixes some vulnerabilities, where some have an unknown impact and others can potentially be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32424/


    back  [SA32401] NetBSD ICMPv6 "Packet Too Big" MTU Denial of Service Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS
    Released: 2008-10-28

    NetBSD has acknowledged a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32401/


    back  [SA32396] Debian update for libspf2

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-10-24

    Debian has issued an update for libspf2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.

    Full Advisory:
    http://secunia.com/advisories/32396/


    back  [SA32471] Fedora update for dovecot

    Critical:  Less critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-10-30

    Fedora has issued an update for dovecot. This fixes a security issue, which can be exploited by malicious users to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32471/


    back  [SA32446] Ubuntu update for moodle

    Critical:  Less critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-10-27

    Ubuntu has issued an update for moodle. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32446/


    back  [SA32441] Fedora update for drupal

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting, Privilege escalation
    Released: 2008-10-27

    Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and by malicious users to conduct script insertion attacks.

    Full Advisory:
    http://secunia.com/advisories/32441/


    back  [SA32475] Fedora update for libtirpc

    Critical:  Less critical
    Where: From local network
    Impact: DoS
    Released: 2008-10-30

    Fedora has issued an update for libtirpc. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32475/


    back  [SA32406] NetBSD IPv6 Neighbor Discovery Protocol Neighbor Solicitation Vulnerability

    Critical:  Less critical
    Where: From local network
    Impact: Spoofing, Exposure of sensitive information, DoS
    Released: 2008-10-28

    A vulnerability has been reported in NetBSD, which can be exploited by malicious people to conduct spoofing attacks, disclose potentially sensitive information, or to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32406/


    back  [SA32403] libtirpc "__rpc_taddr2uaddr_af()" Denial of Service Vulnerability

    Critical:  Less critical
    Where: From local network
    Impact: DoS
    Released: 2008-10-28

    A vulnerability has been reported in libtirpc, which can be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32403/


    back  [SA32420] JHead "DoCommand()" Shell Command Injection Security Issue

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-10-27

    A security issue has been reported in JHead, which can be exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32420/


    back  [SA32393] Ubuntu update for linux

    Critical:  Less critical
    Where: Local system
    Impact: Security Bypass, Privilege escalation, DoS
    Released: 2008-10-28

    Ubuntu has issued an update for linux, linux-source-2.6.15, and linux-source-2.6.22. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), bypass certain security restrictions, and potentially gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32393/


    back  [SA32460] Fedora update for ed

    Critical:  Not critical
    Where: From remote
    Impact: System access
    Released: 2008-10-30

    Fedora has issued an update for ed. This fixes a security issue, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32460/


    back  [SA32416] Red Hat update for lynx

    Critical:  Not critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-10-28

    Red Hat has issued an update for lynx. This fixes a weakness, which can be exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32416/


    back  [SA32407] Lynx Insecure ".mailcap" and ".mime.types" Search Path Weakness

    Critical:  Not critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-10-28

    A weakness has been reported in Lynx, which can be exploited by malicious, local users to potentially gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32407/


    Other:


    back  [SA32452] Opera Command Execution and Cross-Site Scripting

    Critical:  Highly critical
    Where: From remote
    Impact: Cross Site Scripting, System access
    Released: 2008-10-30

    Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32452/


    back  [SA32433] H2O-CMS Cookie Security Bypass and Code Execution Vulnerabilities

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, System access
    Released: 2008-10-29

    Some vulnerabilities have been discovered in H2O-CMS, which can be exploited by malicious people to bypass certain security restrictions or by malicious users to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32433/


    back  [SA32419] OpenOffice WMF and EMF Processing Buffer Overflows

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-10-29

    Some vulnerabilities have been reported in OpenOffice, which potentially can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32419/


    back  [SA32412] NEPT Image Uploader uploadp.php File Upload Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-10-27

    Dentrasi has discovered a vulnerability in NEPT Image Uploader, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32412/


    back  [SA32467] Harlandscripts Pro Traffic One "trg" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-10-30

    Beenu Arora has reported a vulnerability in Harlandscripts Pro Traffic One, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32467/


    back  [SA32466] IBM Lotus Connections Multiple Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Unknown, Cross Site Scripting, Manipulation of data, Exposure of sensitive information
    Released: 2008-10-30

    Multiple vulnerabilities and security issues have been reported in IBM Lotus Connections. Some have an unknown impact and others can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose sensitive information, conduct cross-site scripting, script insertion, and SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32466/


    back  [SA32451] MyBB Multiple Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Unknown, Cross Site Scripting, Brute force, Exposure of sensitive information
    Released: 2008-10-30

    Some vulnerabilities and a weakness have been reported in MyBB, where some have an unknown impact, and others can be exploited by malicious people to conduct brute force or cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32451/


    back  [SA32443] SUSE update for kernel

    Critical:  Moderately critical
    Where: From remote
    Impact: Privilege escalation, DoS
    Released: 2008-10-29

    SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges, and by malicious people to cause a DoS.

    Full Advisory:
    http://secunia.com/advisories/32443/


    back  [SA32439] phplist "connector.php" File Extension Validation Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: System access
    Released: 2008-10-28

    A vulnerability has been reported in phplist, which potentially can be exploited by malicious users to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32439/


    back  [SA32438] WebGUI "loadModule()" Arbitrary Perl Code Execution Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: System access
    Released: 2008-10-28

    A vulnerability has been reported in WebGUI, which can be exploited by malicious users to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32438/


    back  [SA32431] All In One Control Panel (AIOCP) "poll_id" SQL Injection

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2008-10-28

    ExSploiters has discovered a vulnerability in All In One Control Panel (AIOCP), which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32431/


    back  [SA32427] tlAds "tlAds_login" Cookie Security Bypass

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-10-28

    X0r has discovered a vulnerability in tlAds, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32427/


    back  [SA32422] H&H WebSoccer "id" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-10-29

    d3v1l has reported a vulnerability in H&H WebSoccer, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32422/


    back  [SA32413] Aj Square RSS Reader "url" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2008-10-29

    yassine_enp has reported a vulnerability in Aj Square RSS Reader, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32413/


    back  [SA32410] KVIrc "irc://" URI Handling Format String Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-10-27

    Gjoko 'LiquidWorm' Krstic has discovered a vulnerability in KVIrc, which potentially can be exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32410/


    back  [SA32408] PHP-Daily File Disclosure and SQL Injection Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information
    Released: 2008-10-29

    0xFFFFFF has discovered some vulnerabilities in PHP-Daily, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32408/


    back  [SA32405] tlNews "tlNews_login" Cookie Security Bypass

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-10-27

    X0r has discovered a vulnerability in tlNews, which can be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32405/


    back  [SA32404] SiteEngine SQL Injection and Information Disclosure Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of system information
    Released: 2008-10-29

    Some vulnerabilities have been reported in SiteEngine, which can be exploited by malicious people to disclose system information and conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32404/


    back  [SA32397] SFS Ez Forum "forum" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Exposure of sensitive information, Manipulation of data
    Released: 2008-10-27

    Hurley has reported a vulnerability in SFS Ez Forum, which can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32397/


    back  [SA32465] IBM Tivoli Storage Manager Client Buffer Overflow Vulnerability

    Critical:  Moderately critical
    Where: From local network
    Impact: DoS, System access
    Released: 2008-10-30

    A vulnerability has been reported in IBM Tivoli Storage Manager (TSM) Client, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32465/


    back  [SA32456] Eaton MGE Network Shutdown Module Arbitrary Command Execution Vulnerability

    Critical:  Moderately critical
    Where: From local network
    Impact: System access
    Released: 2008-10-28

    n.runs AG has reported a vulnerability in Eaton MGE Network Shutdown Module, which can be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32456/


    back  [SA32470] Quassel IRC CTCP Command Injection Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Hijacking
    Released: 2008-10-30

    Wouter Coekaerts has reported a vulnerability in Quassel IRC, which can be exploited by malicious people to hijack IRC connections.

    Full Advisory:
    http://secunia.com/advisories/32470/


    back  [SA32469] Saba "username" Cross-Site Scripting Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-10-30

    The-0utl4w has reported a vulnerability in Saba, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32469/


    back  [SA32468] Dorsa CMS "search" Cross-Site Scripting Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-10-30

    Pouya_Server has reported a vulnerability in Dorsa CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32468/


    back  [SA32457] Kmita Catalogue "q" Cross-Site Scripting Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-10-29

    cize0f has reported a vulnerability in Kmita Catalogue, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32457/


    back  [SA32449] phpMyAdmin "db" Cross-Site Scripting Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-10-28

    Hadi Kiamarsi has discovered a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32449/


    back  [SA32445] Kmita Gallery "begin" and "searchtext" Cross-Site Scripting Vulnerabilities

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-10-29

    cize0f has reported some vulnerabilities in Kmita Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32445/


    back  [SA32432] MyKtools "langage" Local File Inclusion

    Critical:  Less critical
    Where: From remote
    Impact: Exposure of system information, Exposure of sensitive information
    Released: 2008-10-28

    A vulnerability has been discovered in MyKtools, which can be exploited by malicious users to disclose sensitive information.

    Full Advisory:
    http://secunia.com/advisories/32432/


    back  [SA32429] iPei Guestbook "pg" Cross-Site Scripting Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-10-27

    Ghost Hacker has discovered a vulnerability in iPei Guestbook, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32429/


    back  [SA32417] Smarty "regex_replace" Modifier Template Security Bypass

    Critical:  Less critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-10-27

    A vulnerability has been reported in Smarty, which can potentially be exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32417/


    back  [SA32399] ClipShare "title" Cross-Site Scripting Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-10-24

    ShockShadow has reported a vulnerability in ClipShare, which can be exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32399/


    back  [SA32418] libpng "png_handle_tEXt()" Memory Leak Vulnerability

    Critical:  Not critical
    Where: From remote
    Impact: DoS
    Released: 2008-10-27

    A vulnerability has been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32418/



CERT Bulletin


back Relevant Products

  • DNS
  • Ethereal
  • PCRE
  • Sun
  • activesync
  • aol
  • apache
  • bea
  • blackboard
  • cisco
  • citrix
  • comodo
  • epolicy
  • fedora
  • gentoo
  • gnu
  • gzip
  • jakarta
  • linux
  • metaframe
  • mysql
  • nagios
  • novell
  • openoffice
  • openoffice.org
  • openoffice.org/staroffice
  • openssh
  • openssl
  • oracle
  • palm
  • palmos
  • peoplesoft
  • perl
  • php
  • postfix
  • red hat
  • samba
  • solaris
  • sql
  • ssh
  • tomcat
  • vim
  • vmware
  • webct
  • windows ce
  • windowsce