Report date: November 10, 2008 Date posted: November 10, 2008
This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.
At a very minimum, look at the SANS bulletins as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information and many newly discovered vulnerabilities and updates on existing issues.
Tip: highlight any link below to reveal the criticality or priority.
None relevant
back [SA32546] NOS Microsystems getPlus ActiveX Control Buffer Overflow
back [SA32513] Chilkat Crypt ActiveX Component "WriteFile()" Insecure Method
back [SA32538] Gentoo update for opera
back [SA32514] Dns2tcp "dns_decode()" Buffer Overflow Vulnerability
back [SA32493] Mahara Multiple Command Execution Vulnerabilities
back [SA32489] Fedora update for openoffice.org
back [SA32530] Ubuntu update for enscript
back [SA32521] Fedora update for enscript
back [SA32518] Fedora update for ktorrent
back [SA32512] Fedora update for uw-imap
back [SA32509] Ubuntu update for kernel
back [SA32496] Gentoo update for libspf2
back [SA32488] VMware ESX Server update for libxml2
back [SA32483] UW-imapd "tmail" and "dmail" Buffer Overflow Vulnerabilities
back [SA32545] HP-UX Xserver Multiple Vulnerabilities
back [SA32553] PTK Command Execution Vulnerability
back [SA32543] Nagios Cross-Site Request Forgery Vulnerability
back [SA32482] Fedora update for phpMyAdmin
back [SA32560] Net-snmp GETBULK Integer Overflow Denial of Service
back [SA32539] Red Hat update for net-snmp
back [SA32531] Fedora update for net-snmp
back [SA32578] Debian update for mysql-dfsg-5.0
back [SA32554] Novell Access Manager Identity Server X509 Session Improper Termination
back [SA32544] HP System Management Homepage Unspecified Privilege Escalation
back [SA32485] Red Hat update for kernel
back [SA32566] Ubuntu update for system-tools-backends
back [SA32510] Linux Kernel "hfsplus_find_cat()" and "hfsplus_block_allocate()" Denial of Service
back [SA32487] CrossFire Map Pack combine.pl Insecure Temporary Files
back [SA32498] SonicWALL Products Content Filtering Service Cross-Site Scripting
back [SA32573] Cisco IOS / CatOS VLAN Trunking Protocol Vulnerability
back [SA32569] VLC Media Player CUE and RealText Processing Buffer Overflows
back [SA32551] Joomla Dada Mail Manager Component "mosConfig_absolute_path"
back [SA32533] Joomla VirtueMart Google Base Component "mosConfig_absolute_path" File Inclusion
back [SA32520] Joomla Flash Tree Gallery Component "mosConfig_live_site"
back [SA32516] Simple Machines Forum Multiple Vulnerabilities
back [SA32515] Way Of The Warrior "plancia" File Inclusion Vulnerabilities
back [SA32579] Five Dollar Scripts Drinks Script "recid" SQL Injection Vulnerability
back [SA32564] PHPX "news_id" SQL Injection Vulnerability
back [SA32563] Pre Podcast Portal "id" SQL Injection Vulnerability
back [SA32559] GeSHi Unspecified Code Execution Vulnerability
back [SA32558] SFS Multiple Products "cat_id" SQL Injection
back [SA32557] PreProjects Products Cookie Security Bypass Vulnerability
back [SA32556] nicLOR Sito Includefile "page_file" Local File Inclusion
back [SA32552] SFS EZ BIZ PRO "id" SQL Injection Vulnerability
back [SA32550] SFS EZ Webring "cat" SQL Injection Vulnerability
back [SA32548] Tribiq CMS "template_path" Cross-Site Scripting and Local File Inclusion
back [SA32547] PHP Auto Listings "itemno" SQL Injection Vulnerability
back [SA32542] Logz CMS "art" SQL Injection and Cross-Site Scripting
back [SA32540] U-Mail "edit.php" Arbitrary File Creation Vulnerability
back [SA32536] SFS EZ Hotscripts-like Site Multiple SQL Injection Vulnerabilities
back [SA32532] SFS EZ Hot ot Not "phid" SQL Injection Vulnerability
back [SA32528] SFS EZ Auction "cat" SQL Injection Vulnerability
back [SA32527] SFS EZ Career "topic" SQL Injection Vulnerability
back [SA32526] SFS EZ Top Sites "ts" SQL Injection Vulnerability
back [SA32525] SFS EZ e-store "where" SQL Injection Vulnerability
back [SA32524] SFS EZ Pub Site "cat" SQL Injection Vulnerability
back [SA32523] Joomla Pro Desk Component "include_file" Local File Inclusion Vulnerability
back [SA32522] SFS EZ Gaming Cheats "id" SQL Injection Vulnerability
back [SA32519] Article Publisher Pro SQL Injection Vulnerabilities
back [SA32517] Acc Scripts Products "username_cookie" Cookie Security Bypass
back [SA32507] Acc PHP eMail "NEWSLETTERLOGIN" Cookie Security Bypass Vulnerability
back [SA32504] YourFreeWorld Products "id" SQL Injection Vulnerability
back [SA32503] ToursManager "cityid" SQL Injection Vulnerability
back [SA32502] Simple Document Management System "login" and "pass" SQL Injection
back [SA32500] PHP-Nuke BookCatalog Module "catid" SQL Injection Vulnerability
back [SA32497] Apache Struts Security Bypass and Directory Traversal
back [SA32495] XWork "ParameterInterceptor" Security Bypass Vulnerability
back [SA32492] YourFreeWorld Shopping Cart Script "c" SQL Injection Vulnerability
back [SA32491] Joovili Multiple Cookie Security Bypass Vulnerability
back [SA32484] NetRisk Cross-Site Scripting and SQL Injection Vulnerabilities
back [SA32572] Drupal Content Construction Kit Script Insertion Vulnerabilities
back [SA32555] DHCart "order.php" Two Cross-Site Scripting Vulnerabilities
back [SA32549] firmCHANNEL Digital Signage "action" Cross-Site Scripting Vulnerability
back [SA32511] RateMe Cross-Site Scripting and Cross-Site Request Forgery
back [SA32506] SignMe "hash" Cross-Site Scripting Vulnerability
back [SA32505] MyGallery "mghash" Cross-Site Scripting Vulnerability
back [SA32567] Adobe ColdFusion Sandbox Security Bypass Vulnerability
Secunia Bulletin - 2008-45
CERT Bulletin - SB08-315
BULLETIN DETAIL
Secunia Bulletin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-05
A vulnerability has been reported in the NOS Microsystems getPlus ActiveX control, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32546/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-04
shinnai has discovered a vulnerability in Chilkat Crypt ActiveX Component, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32513/
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Released: 2008-11-04
Gentoo has issued an update for opera. This fixes some vulnerabilities, which can be exploited by malicious people to disclose system and potentially sensitive information, conduct spoofing and cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32538/
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-03
A vulnerability has been reported in Dns2tcp, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32514/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-05
Some vulnerabilities have been reported in Mahara, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32493/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-10-31
Fedora has issued an update for openoffice.org. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32489/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-11-04
Ubuntu has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32530/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-11-06
Fedora has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32521/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, System access
Released: 2008-11-06
Fedora has issued an update for ktorrent. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32518/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2008-11-06
Fedora has issued an update for uw-imap. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges, and by malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32512/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-11-05
Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32509/
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-10-31
Gentoo has issued an update for libspf2. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/32496/
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-10-31
VMware has issued an update for VMware ESX Server. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32488/
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2008-11-03
Two vulnerabilities have been reported in UW-imapd, which can be exploited by malicious, local users to potentially gain escalated privileges, and by malicious people to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32483/
Critical: Moderately critical
Where: From local network
Impact: Privilege escalation, DoS, System access
Released: 2008-11-04
HP has acknowledged some vulnerabilities in HP-UX, which can be exploited by malicious, local users to disclose potentially sensitive information or gain escalated privileges, and by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32545/
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-11-06
A vulnerability has been reported in PTK, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32553/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-05
A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/32543/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-31
Fedora has issued an update for phpMyAdmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32482/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-11-03
A vulnerability has been reported in Net-snmp, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32560/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-11-04
Red Hat has issued an update for net-snmp. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32539/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-11-06
Fedora has issued an update for net-snmp. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32531/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-11-06
Debian has issued an update for mysql-dfsg-5.0. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32578/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-11-05
A security issue has been reported in Novell Access Manager Identity Server, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32554/
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-11-04
A vulnerability has been reported in HP System Management Homepage (SMH), which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32544/
Critical: Less critical
Where: Local system
Impact: DoS, Privilege escalation, Exposure of sensitive information
Released: 2008-11-04
Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), to disclose potentially sensitive information, or to potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/32485/
Critical: Not critical
Where: From remote
Impact: Brute force
Released: 2008-11-06
Ubuntu has issued an update for system-tools-backends. This fixes a weakness, which can be exploited by malicious people to conduct brute force attacks.
Full Advisory:
http://secunia.com/advisories/32566/
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-11-04
Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32510/
Critical: Not critical
Where: Local system
Impact: Privilege escalation
Released: 2008-10-31
A security issue has been reported in CrossFire, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/32487/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-10-31
A vulnerability has been reported in various SonicWALL products, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32498/
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-11-06
A vulnerability has been reported in Cisco IOS/CatOS, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/32573/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-06
Two vulnerabilities have been reported in VLC Media Player, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/32569/
File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-06
NoGe has discovered a vulnerability in the Dada Mail Manager component for Joomla, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32551/
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-05
NoGe has discovered a vulnerability in the VirtueMart Google Base component for Joomla, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32533/
File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-11-03
NoGe has reported a vulnerability in the Flash Tree Gallery component for Joomla!, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32520/
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information, System access
Released: 2008-11-05
Some vulnerabilities have been discovered in Simple Machines Forum, which can be exploited by malicious people to conduct cross-site request forgery attacks and by malicious users to disclose potentially sensitive information and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32516/
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2008-11-05
Some vulnerabilities have been discovered in Way Of The Warrior (WOTW), which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32515/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-06
Ex Tacy has reported a vulnerability in Five Dollar Scripts Drinks script, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32579/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-06
StAkeR has discovered a vulnerability in PHPX, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32564/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-06
G4N0K has reported a vulnerability in Pre Podcast Portal, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32563/
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-11-03
A vulnerability has been reported in GeSHi, which can potentially be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32559/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
A vulnerability has been reported in multiple SFS products, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32558/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-06
G4N0K has reported a vulnerability in multiple PreProjects products, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32557/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-11-05
StAkeR has discovered a vulnerability in nicLOR Sito Includefile, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32556/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
d3b4g has reported a vulnerability in SFS EZ BIZ PRO, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32552/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
d3b4g has reported a vulnerability in SFS EZ Webring, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32550/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released: 2008-11-03
Some vulnerabilities have been discovered in Tribiq CMS, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32548/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-06
G4N0K has reported a vulnerability in PHP Auto Listings, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32547/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-11-03
Some vulnerabilities have been discovered in Logz CMS, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32542/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, System access
Released: 2008-11-05
Shennan Wang has reported a vulnerability in U-Mail, which can be exploited by malicious users to bypass certain security restrictions and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/32540/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
Some vulnerabilities have been reported in SFS EZ Hotscripts-like Site, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32536/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
d3b4g has reported a vulnerability in SFS EZ Hot ot Not, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32532/
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, Manipulation of data
Released: 2008-11-03
Mountassif Moad has reported a vulnerability in SFS EZ Auction, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32528/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
Mountassif Moad has reported a vulnerability in SFS EZ Career, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32527/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
Mountassif Moad has reported a vulnerability in SFS EZ Top Sites, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32526/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
ZoRLu has reported a vulnerability in SFS EZ e-store, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32525/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
Hakxer has reported a vulnerability in SFS EZ Pub Site, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32524/
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
Released: 2008-11-05
d3v1l has reported a vulnerability in the Pro Desk component for Joomla, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32523/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-03
ZoRLu has reported a vulnerability in SFS EZ Gaming Cheats, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32522/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2008-11-03
Some vulnerabilities have been reported in Article Publisher Pro, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32519/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-04
Hakxer has reported a vulnerability in multiple Acc Scripts products, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32517/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-04
Hakxer has reported a vulnerability in Acc PHP eMail, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32507/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-03
Hussin X has reported a vulnerability in various YourFreeWorld products, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32504/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-05
G4N0K has reported a vulnerability in ToursManager, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32503/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-11-05
Yuri has discovered a vulnerability in Simple Document Management System (SDMS), which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32502/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-10-31
Ehsan_Hp200 has reported a vulnerability in the BookCatalog module for PHP-Nuke, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32500/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information
Released: 2008-11-04
Some vulnerabilities have been reported in Apache Struts, which can be exploited by malicious people to bypass certain security restrictions or to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/32497/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-04
A vulnerability has been reported in XWork, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32495/
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-11-03
Hussin X has reported a vulnerability in YourFreeWorld Shopping Cart Script with Affiliate Program, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32492/
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-11-03
ZoRLu has reported a vulnerability in Joovili, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32491/
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-11-03
StAkeR has discovered some vulnerabilities in NetRisk, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/32484/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-06
Some vulnerabilities have been reported in the Drupal Content Construction Kit (CCK), which can be exploited by malicious users to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/32572/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-05
Lostmon has reported two vulnerabilities in DHCart, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32555/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-05
Brad Antoniewicz has reported a vulnerability in firmCHANNEL Digital Signage, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32549/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-03
Russ McRee has reported some vulnerabilities in RateMe, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32511/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-03
Russ McRee has discovered a vulnerability in SignMe, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32506/
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-11-03
Russ McRee has discovered a vulnerability in MyGallery, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/32505/
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2008-11-06
A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/32567/