Cal Poly Pomona

Latest Unix and Other Bulletins

Report date: November 17, 2008  Date posted: November 17, 2008

This report combines relevant bulletins from SANS, Secunia and CERT. The wording is original with some "back" links added where needed. The CERT index lists vulnerabilities with and without solutions. Click the link for specific information.

At a very minimum, look at the SANS bulletins, as they include the top issues on a weekly basis. Next, review Secunia for a more complete listing with well-structured bulletins available as external links. Finally, the CERT section contains very detailed information, many newly discovered vulnerabilities, and updates on existing issues.

Tip: highlight any link below to reveal the criticality or priority.

    SANS Bulletin - Vol 7 Num 45

    None relevant

    Secunia Bulletin - 2008-46

    CERT Bulletin - SB08-322

    None relevant

    BULLETIN DETAIL


    Secunia Bulletin

    back  [SA32698] ooVoo URI Handler Buffer Overflow Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-11-12

    bruiser has discovered a vulnerability in ooVoo, which potentially can
    be exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32698/


    back  [SA32682] SAP GUI MDrmSap ActiveX Control Code Execution Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-11-11

    A vulnerability has been reported in SAPgui, which can be exploited by
    malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32682/


    back  [SA32597] hMailServer PHPWebAdmin File Inclusion Vulnerabilities

    Critical:  Highly critical
    Where: From remote
    Impact: Exposure of sensitive information, System access
    Released: 2008-11-07

    Nine:Situations:Group::strawdog has discovered some vulnerabilities in
    hMailServer PHPWebAdmin, which can be exploited by malicious people to
    disclose potentially sensitive information and compromise a vulnerable
    system.

    Full Advisory:
    http://secunia.com/advisories/32597/


    back  [SA32675] Dizi Film Portal "film" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-11

    Kaan KAMIS has discovered a vulnerability in Dizi Film Portal, which
    can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32675/


    back  [SA32590] Arab Portal "file" File Disclosure Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Exposure of sensitive information
    Released: 2008-11-10

    IRCRASH has reported a vulnerability in Arab Portal, which can be
    exploited by malicious people to disclose sensitive information.

    Full Advisory:
    http://secunia.com/advisories/32590/


    back  [SA32633] Microsoft Windows SMB Authentication Credential Replay
    Vulnerability

    Critical:  Moderately critical
    Where: From local network
    Impact: Security Bypass, Spoofing
    Released: 2008-11-11

    A vulnerability has been reported in Microsoft Windows, which can be
    exploited by malicious people to bypass certain security features.

    Full Advisory:
    http://secunia.com/advisories/32633/


    back  [SA32618] Trend Micro ServerProtect Multiple Vulnerabilities

    Critical:  Moderately critical
    Where: From local network
    Impact: DoS, System access
    Released: 2008-11-12

    Some vulnerabilities have been reported in Trend Micro ServerProtect,
    which potentially can be exploited by malicious people to compromise a
    vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32618/


    back  [SA32683] IBM Metrica Products Cross-Site Scripting and Script
    Insertion

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-13

    Francesco Bianchino has reported a vulnerability in Metrica products,
    which can be exploited by malicious users to conduct script insertion
    attacks and by malicious people to conduct cross-site scripting
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32683/


    back  [SA32592] Orb Networks Orb Directory Traversal Vulnerability

    Critical:  Less critical
    Where: From local network
    Impact: Exposure of system information, Exposure of sensitive
    information
    Released: 2008-11-10

    A vulnerability has been reported in Orb, which can be exploited by
    malicious people to disclose sensitive information.

    Full Advisory:
    http://secunia.com/advisories/32592/


    back  [SA32669] Anti-Trojan Elite Atepmon.sys IOCTL Handling Vulnerability

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation, DoS
    Released: 2008-11-10

    alex has discovered a vulnerability in Anti-Trojan Elite, which can be
    exploited by malicious, local users to cause a DoS (Denial of Service)
    or potentially gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32669/


    back  [SA32634] Anti-Keylogger Elite "AKEProtect.sys" IOCTL Handling
    Vulnerabilities

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation, DoS
    Released: 2008-11-10

    alex has discovered some vulnerabilities in Anti-Keylogger Elite, which
    can be exploited by malicious, local users to cause a DoS (Denial of
    Service) or to potentially gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32634/


    back  [SA32714] Mozilla SeaMonkey Multiple Vulnerabilities

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, Exposure of system information, Exposure
    of sensitive information, System access
    Released: 2008-11-13

    Some vulnerabilities have been reported in Mozilla SeaMonkey, which can
    be exploited by malicious people to disclose sensitive information,
    bypass certain security restrictions, or compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32714/


    back  [SA32713] Mozilla Firefox 3 Multiple Vulnerabilities

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, Exposure of system information, Exposure
    of sensitive information, System access
    Released: 2008-11-13

    Some vulnerabilities have been reported in Mozilla Firefox, which can
    be exploited by malicious people to disclose sensitive information,
    bypass certain security restrictions, or compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32713/


    back  [SA32708] Fedora update for optipng

    Critical:  Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-13

    Fedora has issued an update for optipng. This fixes a vulnerability,
    which can be exploited by malicious people to compromise a user's
    system.

    Full Advisory:
    http://secunia.com/advisories/32708/


    back  [SA32700] Red Hat update for acroread

    Critical:  Highly critical
    Where: From remote
    Impact: Privilege escalation, System access
    Released: 2008-11-13

    Red Hat has issued an update for acroread. This fixes some
    vulnerabilities, which can be exploited by malicious, local users to
    gain escalated privileges or by malicious people to compromise a user's
    system.

    Full Advisory:
    http://secunia.com/advisories/32700/


    back  [SA32695] Red Hat update for firefox

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, Exposure of system information, Exposure
    of sensitive information, System access
    Released: 2008-11-13

    Red Hat has issued an update for firefox. This fixes some
    vulnerabilities, which can be exploited by malicious people to disclose
    sensitive information, bypass certain security restrictions, or
    compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32695/


    back  [SA32694] Red Hat update for seamonkey

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, Exposure of system information, Exposure
    of sensitive information, System access
    Released: 2008-11-13

    Red Hat has issued an update for seamonkey. This fixes some
    vulnerabilities, which can be exploited by malicious people to disclose
    sensitive information, bypass certain security restrictions, or
    compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32694/


    back  [SA32688] Apple iLife / Aperture Image Processing Vulnerabilities

    Critical:  Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-12

    Apple has acknowledged some vulnerabilities in Apple iLife and
    Aperture, which can potentially be exploited by malicious people to
    compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32688/


    back  [SA32629] SUSE update for yelp

    Critical:  Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-07

    SUSE has issued an update for yelp. This fixes a vulnerability, which
    potentially can be exploited by malicious people to compromise a user's
    system.

    Full Advisory:
    http://secunia.com/advisories/32629/


    back  [SA32702] Red Hat update for flash-plugin

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Cross Site Scripting, Manipulation of
    data, Exposure of sensitive information
    Released: 2008-11-13

    Red Hat has issued an update for flash-plugin. This fixes some
    vulnerabilities, which can be exploited by malicious people to bypass
    certain security restrictions, manipulate certain data, conduct
    cross-site scripting attacks, or disclose sensitive information.

    Full Advisory:
    http://secunia.com/advisories/32702/


    back  [SA32687] Red Hat update for gnutls

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Spoofing
    Released: 2008-11-12

    Red Hat has issued an update for gnutls. This fixes a vulnerability,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32687/


    back  [SA32681] Fedora update for gnutls

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Spoofing
    Released: 2008-11-12

    Fedora has issued an update for gnutls. This fixes a vulnerability,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32681/


    back  [SA32678] Debian update for libcdaudio

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-13

    Debian has issued an update for libcdaudio. This fixes a vulnerability,
    which can be exploited by malicious people to compromise an application
    using the library.

    Full Advisory:
    http://secunia.com/advisories/32678/


    back  [SA32677] Ubuntu update for dovecot

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS
    Released: 2008-11-10

    Ubuntu has issued an update for dovecot. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/32677/


    back  [SA32661] Gentoo update for faad2

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-10

    Gentoo has issued an update for faad2. This fixes a vulnerability,
    which potentially can be exploited by malicious people to compromise a
    user's system.

    Full Advisory:
    http://secunia.com/advisories/32661/


    back  [SA32656] Gentoo update for graphviz

    Critical:  Moderately critical
    Where: From remote
    Impact: System access
    Released: 2008-11-10

    Gentoo has issued an update for graphviz. This fixes a vulnerability,
    which can be exploited by malicious people to compromise a user's
    system.

    Full Advisory:
    http://secunia.com/advisories/32656/


    back  [SA32625] Sun Solaris IP Filter DNS Cache Poisoning

    Critical:  Moderately critical
    Where: From remote
    Impact: Spoofing
    Released: 2008-11-12

    A vulnerability has been reported in Sun Solaris, which can be
    exploited by malicious people to poison the DNS cache.

    Full Advisory:
    http://secunia.com/advisories/32625/


    back  [SA32619] GnuTLS X.509 Certificate Chain Validation Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Spoofing
    Released: 2008-11-10

    A vulnerability has been reported in GnuTLS, which can be exploited by
    malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32619/


    back  [SA32614] Fedora update for ipsec-tools

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS
    Released: 2008-11-07

    Fedora has issued an update for ipsec-tools. This fixes some
    vulnerabilities, which can be exploited by malicious people to cause a
    DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32614/


    back  [SA32608] Ubuntu update for tk

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-07

    Ubuntu has issued an update for tk. This fixes a vulnerability, which
    can be exploited by malicious people to compromise an application using
    the library.

    Full Advisory:
    http://secunia.com/advisories/32608/


    back  [SA32607] Ubuntu update for netpbm

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-07

    Ubuntu has issued an update for netpbm. This fixes a vulnerability,
    which can be exploited by malicious people to potentially compromise a
    vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32607/


    back  [SA32606] Sun Java System Identity Manager Multiple Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Cross Site Scripting
    Released: 2008-11-12

    Some vulnerabilities have been reported in Sun Java System Identity
    Manager, which can be exploited by malicious people to conduct
    cross-site scripting attacks and to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32606/


    back  [SA32668] Sun Solaris DHCP Request Handling Vulnerabilities

    Critical:  Moderately critical
    Where: From local network
    Impact: DoS, System access
    Released: 2008-11-10

    Some vulnerabilities have been reported in Sun Solaris, which can be
    exploited by malicious people to cause a DoS (Denial of Service) or
    potentially compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32668/


    back  [SA32685] Red Hat update for httpd

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting, DoS
    Released: 2008-11-12

    Red Hat has issued an update for httpd. This fixes some
    vulnerabilities, which can be exploited by malicious people to conduct
    cross-site scripting attacks or potentially cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/32685/


    back  [SA32662] Gentoo update for gallery

    Critical:  Less critical
    Where: From remote
    Impact: Exposure of system information, Exposure of sensitive
    information, Cross Site Scripting
    Released: 2008-11-10

    Gentoo has issued an update for gallery. This fixes some
    vulnerabilities, which can be exploited by malicious users to conduct
    script insertion attacks and disclose potentially sensitive
    information.

    Full Advisory:
    http://secunia.com/advisories/32662/


    back  [SA32630] op5 Monitor Cross-Site Request Forgery

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-11

    A vulnerability has been reported in op5 Monitor, which can be
    exploited by malicious people to conduct cross-site request forgery
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32630/


    back  [SA32620] Fedora update for php-Smarty

    Critical:  Less critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-11-07

    Fedora has issued an update for php-Smarty. This fixes a vulnerability,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32620/


    back  [SA32615] Fedora update for drupal-cck

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-07

    Fedora has issued an update for drupal-cck. This fixes some
    vulnerabilities, which can be exploited by malicious users to conduct
    script insertion attacks.

    Full Advisory:
    http://secunia.com/advisories/32615/


    back  [SA32610] Nagios "cmd.cgi" Cross-Site Request Forgery

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-07

    Andreas Ericsson has discovered a vulnerability in Nagios, which can be
    exploited by malicious people to conduct cross-site request forgery
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32610/


    back  [SA32599] TestLink Multiple Script Insertion Vulnerabilities

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-07

    Some vulnerabilities have been reported in TestLink, which can be
    exploited by malicious users to conduct script insertion attacks.

    Full Advisory:
    http://secunia.com/advisories/32599/


    back  [SA32711] rPath update for net-snmp

    Critical:  Less critical
    Where: From local network
    Impact: DoS
    Released: 2008-11-13

    rPath has issued an update for net-snmp. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/32711/


    back  [SA32664] Debian update for net-snmp

    Critical:  Less critical
    Where: From local network
    Impact: Spoofing, DoS, System access
    Released: 2008-11-10

    Debian has issued an update for net-snmp. This fixes some
    vulnerabilities, which can be exploited by malicious people to spoof
    authenticated SNMPv3 packets, cause a DoS (Denial of Service), and
    compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32664/


    back  [SA32709] rPath update for kernel

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-13

    rPath has issued an update for the kernel. This fixes a vulnerability,
    which can be exploited by malicious, local users to gain escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/32709/


    back  [SA32701] Fedora update for blender

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-12

    Fedora has issued an update for blender. This fixes a vulnerability,
    which can be exploited by malicious, local users to gain escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/32701/


    back  [SA32679] smcFanControl "main()" Privilege Escalation Vulnerability

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-12

    KaiJern Lau has reported a vulnerability in smcFanControl, which can be
    exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32679/


    back  [SA32674] Sun Logical Domains Authentication Bypass Vulnerability

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-13

    A vulnerability has been reported in Sun Logical Domains (LDoms), which
    can be exploited by malicious, local users to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32674/


    back  [SA32627] CDRW-Taper "amlabel-cdrw" Insecure Temporary Files

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    A security issue has been reported in CDRW-Taper, which can be
    exploited by malicious, local users to perform certain actions with
    escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32627/


    back  [SA32621] HP Tru64 UNIX AdvFS "showfile" Privilege Escalation
    Vulnerability

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    A vulnerability has been reported in HP Tru64 UNIX, which can be
    exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32621/


    back  [SA32616] Fedora update for cman, gfs2-utils, and rgmanager

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    Fedora has issued an update for cman, gfs2-utils, and rgmanager. This
    fixes some security issues, which can be exploited by malicious, local
    users to perform certain actions with escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32616/


    back  [SA32605] Apertium Insecure Temporary Files

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-11

    Some security issues have been reported in Apertium, which can be
    exploited by malicious, local users to perform certain actions with
    escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32605/


    back  [SA32602] Cluster Project Unspecified Insecure Temporary Files

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    Some security issues have been reported in Cluster Project, which can
    be exploited by malicious, local users to perform certain actions with
    escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32602/


    back  [SA32598] Scilab Insecure Temporary Files

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-10

    Some security issues have been reported in Scilab, which can be
    exploited by malicious, local users to perform certain actions with
    escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32598/


    back  [SA32589] DigitalDJ fest.pl Insecure Temporary Files

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    A security issue has been reported in DigitalDJ, which can be exploited
    by malicious, local users to perform certain actions with escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/32589/


    back  [SA32588] Rancid "getipacctg" Insecure Temporary Files

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    A security issue has been reported in Rancid, which can be exploited by
    malicious, local users to perform certain actions with escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/32588/


    back  [SA32587] lmbench Insecure Temporary Files

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    Some security issues have been reported in lmbench, which can be
    exploited by malicious, local users to perform certain actions with
    escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32587/


    back  [SA32707] Fedora update for libpng10

    Critical:  Not critical
    Where: From remote
    Impact: DoS
    Released: 2008-11-13

    Fedora has issued an update for libpng10. This fixes a vulnerability,
    which can be exploited by malicious people to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/32707/


    back  [SA32710] rPath update for initscripts

    Critical:  Not critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-13

    rPath has issued an update for initscripts. This fixes a security
    issue, which can be exploited by malicious, local users to perform
    certain actions with escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32710/


    back  [SA32691] Ubuntu update for gnome-screensaver

    Critical:  Not critical
    Where: Local system
    Impact: Security Bypass, Exposure of sensitive information
    Released: 2008-11-12

    Ubuntu has issued an update for gnome-screensaver. This fixes a
    weakness and a security issue, which can be exploited by malicious
    people with physical access to disclose potentially sensitive
    information or bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32691/


    back  [SA32671] WIMS "account.sh" Insecure Temporary Files

    Critical:  Not critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-11

    A security issue has been reported in WIMS, which can be exploited by
    malicious, local users to perform certain actions with escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/32671/


    back  [SA32667] Sun Solstice X.25 Local Denial of Service

    Critical:  Not critical
    Where: Local system
    Impact: DoS
    Released: 2008-11-10

    A vulnerability has been reported in Solstice X.25, which can be
    exploited by malicious, local users to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/32667/


    back  [SA32655] Linux Kernel Denial of Service Vulnerabilities

    Critical:  Not critical
    Where: Local system
    Impact: DoS
    Released: 2008-11-11

    Some vulnerabilities have been reported in the Linux Kernel, which can
    be exploited by malicious, local users to cause a DoS (Denial of
    Service).

    Full Advisory:
    http://secunia.com/advisories/32655/


    back  [SA32631] 2Wire Routers Denial of Service Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: DoS
    Released: 2008-11-12

    hkm has reported a vulnerability in various 2Wire Routers, which can be
    exploited by malicious people to cause a DoS (Denial of Service).

    Full Advisory:
    http://secunia.com/advisories/32631/


    back  [SA32635] Siemens SpeedStream 5200 "Host" Header Authentication Bypass

    Critical:  Less critical
    Where: From local network
    Impact: Security Bypass
    Released: 2008-11-12

    hkm has reported a vulnerability in Siemens SpeedStream 5200, which can
    be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32635/


    back  [SA32623] Sweex RO002 Router Undocumented Account Security Issue

    Critical:  Less critical
    Where: From local network
    Impact: Security Bypass
    Released: 2008-11-11

    Rob Stout has reported a security issue in the Sweex RO002 Router,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32623/


    back  [SA32715] Mozilla Thunderbird Multiple Vulnerabilities

    Critical:  Highly critical
    Where: From remote
    Impact: System access, Exposure of sensitive information, Exposure
    of system information, Security Bypass
    Released: 2008-11-13

    Some vulnerabilities have been reported in Mozilla Thunderbird, which
    can be exploited by malicious people to disclose sensitive information,
    bypass certain security restrictions, or compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32715/


    back  [SA32693] Mozilla Firefox 2 Multiple Vulnerabilities

    Critical:  Highly critical
    Where: From remote
    Impact: Security Bypass, Exposure of system information, Exposure
    of sensitive information, System access
    Released: 2008-11-13

    Some vulnerabilities have been reported in Mozilla Firefox, which can
    be exploited by malicious people to disclose sensitive information,
    bypass certain security restrictions, or compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32693/


    back  [SA32666] AlstraSoft SendIt Pro File Upload Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-11-13

    ZoRLu has reported a vulnerability in AlstraSoft SendIt Pro, which can
    be exploited by malicious people to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32666/


    back  [SA32651] OptiPNG BMP Reader Buffer Overflow Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-11

    A vulnerability has been reported in OptiPNG, which potentially can be
    exploited by malicious people to compromise a user's system.

    Full Advisory:
    http://secunia.com/advisories/32651/


    back  [SA32643] Sanusart Simple PHP Guestbook Script PHP Code Execution

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-11-11

    GoLd_M has reported a vulnerability in Sanusart Simple PHP Guestbook
    Script, which can be exploited by malicious people to compromise a
    vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32643/


    back  [SA32628] Enthusiast "path" File Inclusion Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-11-10

    AmnPardaz Security Research Team has discovered a vulnerability in
    Enthusiast, which can be exploited by malicious people to compromise a
    vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32628/


    back  [SA32626] PHPStore Multiple Products File Upload Vulnerability

    Critical:  Highly critical
    Where: From remote
    Impact: System access
    Released: 2008-11-12

    ZoRLu has reported a vulnerability in multiple PHPStore products, which
    can be exploited by malicious users to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32626/


    back  [SA32712] HP Service Manager Unspecified Security Bypass Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-11-13

    A vulnerability has been reported in HP Service Manager, which can be
    exploited by malicious users to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32712/


    back  [SA32703] ActiveCampaign TrioLive "department_id" SQL Injection

    Critical:  Moderately critical
    Where: From remote
    Impact: Cross Site Scripting, Manipulation of data
    Released: 2008-11-12

    Russ McRee has reported a vulnerability in ActiveCampaign TrioLive,
    which can be exploited by malicious people to conduct SQL injection
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32703/


    back  [SA32673] MyioSoft Products "rsargs" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-10

    ZoRLu has discovered a vulnerability in multiple MyioSoft products,
    which can be exploited by malicious people to conduct SQL injection
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32673/


    back  [SA32665] AlstraSoft Article Manager Pro "username" SQL Injection
    Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Manipulation of data
    Released: 2008-11-13

    ZoRLu has reported a vulnerability in AlstraSoft Article Manager Pro,
    which can be exploited by malicious people to conduct SQL injection
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32665/


    back  [SA32663] ClamAV "get_unicode_name()" Off-By-One Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: DoS, System access
    Released: 2008-11-10

    Moritz Jodeit has reported a vulnerability in ClamAV, which can be
    exploited by malicious people to cause a DoS (Denial of Service) or
    potentially compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32663/


    back  [SA32660] AlstraSoft Web Host Directory "pwd" SQL Injection
    Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-13

    ZoRLu has reported a vulnerability in AlstraSoft Web Host Directory,
    which can be exploited by malicious people to conduct SQL injection
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32660/


    back  [SA32653] WOW Raid Manager "auth_phpbb3.php" Authentication Bypass

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-11-11

    A vulnerability has been reported in WOW Raid Manager, which can be
    exploited by malicious people to bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32653/


    back  [SA32652] Trac Multiple Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Spoofing, DoS
    Released: 2008-11-10

    Some vulnerabilities have been reported in Trac, which can be exploited
    by malicious people to cause a DoS (Denial of Service) or to conduct
    phishing attacks.

    Full Advisory:
    http://secunia.com/advisories/32652/


    back  [SA32647] PozScripts Business Directory Script "cid" SQL Injection
    Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2008-11-12

    Hussin X has reported a vulnerability in PozScripts Business Directory
    Script, which can be exploited by malicious people to conduct SQL
    injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32647/


    back  [SA32646] Mole Group Rental Script "username" SQL Injection
    Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2008-11-10

    Cyber-Zone has reported a vulnerability in Mole Group Rental Script,
    which can be exploited by malicious people to conduct SQL injection
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32646/


    back  [SA32645] OTManager CMS "Tipo" File Inclusion Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: System access
    Released: 2008-11-13

    colt7r has discovered a vulnerability in OTManager CMS, which can be
    exploited by malicious users to compromise a vulnerable system.

    Full Advisory:
    http://secunia.com/advisories/32645/


    back  [SA32644] TurnkeyForms Web Hosting Directory Multiple Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Exposure of sensitive information
    Released: 2008-11-13

    G4N0K has reported some vulnerabilities in TurnkeyForms Web Hosting
    Directory, which can be exploited by malicious people to bypass certain
    security restrictions and disclose sensitive information.

    Full Advisory:
    http://secunia.com/advisories/32644/


    back  [SA32641] E-topbiz Online Store 1 "user" and "cat_id" SQL Injection
    Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-10

    Some vulnerabilities have been reported in E-topbiz Online Store 1,
    which can be exploited by malicious people to conduct SQL injection
    attacks.

    Full Advisory:
    http://secunia.com/advisories/32641/


    back  [SA32640] Mini Web Calendar Cross-Site Scripting and Local File
    Disclosure

    Critical:  Moderately critical
    Where: From remote
    Impact: Cross Site Scripting, Exposure of system information,
    Exposure of sensitive information
    Released: 2008-11-10

    ahmadbady has discovered two vulnerabilities in Mini Web Calendar,
    which can be exploited by malicious people to conduct cross-site
    scripting attacks or to disclose sensitive information.

    Full Advisory:
    http://secunia.com/advisories/32640/


    back  [SA32639] E-topbiz Number Links 1 "id" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-10

    Hussin X has reported a vulnerability in E-topbiz Number Links 1, which
    can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32639/


    back  [SA32638] TYPO3 eluna_pagecomments Extension Cross-Site Scripting and
    SQL Injection

    Critical:  Moderately critical
    Where: From remote
    Impact: Cross Site Scripting, Manipulation of data
    Released: 2008-11-10

    Some vulnerabilities have been reported in the eluna_pagecomments
    extension for TYPO3, which can be exploited by malicious people to
    conduct cross-site scripting and SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32638/


    back  [SA32637] Domain Seller Pro "id" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2008-11-10

    TR-ShaRk has reported a vulnerability in Domain Seller Pro, which can
    be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32637/


    back  [SA32636] MyioSoft EasyBookMarker "Parent" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-10

    G4N0K has discovered a vulnerability in MyioSoft EasyBookMarker, which
    can be exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32636/


    back  [SA32632] MemHT Portal "title" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-12

    Ams has discovered a vulnerability in MemHT Portal, which can be
    exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32632/


    back  [SA32622] Joomla! Script Insertion Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-11

    Some vulnerabilities have been reported in Joomla!, which can be
    exploited by malicious users and potentially malicious people to
    conduct script insertion attacks.

    Full Advisory:
    http://secunia.com/advisories/32622/


    back  [SA32617] Zeeways Shaadi Clone Authentication Bypass Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-11-11

    G4N0K has reported a vulnerability in Zeeways Shaadi Clone, which can
    be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32617/


    back  [SA32613] Mole Group Pizza Online Ordering Script "manufacturers_id"
    SQL Injection

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2008-11-07

    Cyb3r-1sT has reported a vulnerability in Mole Group Pizza Online
    Ordering Script, which can be exploited by malicious people to conduct
    SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32613/


    back  [SA32603] V3 Chat Products "admin" Cookie Security Bypass
    Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-11-10

    Cyber-Zone has reported a vulnerability in multiple V3 Chat products,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32603/


    back  [SA32601] Zeeways PhotoVideoTube Authentication Bypass Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data
    Released: 2008-11-11

    Mountassif Moad has reported a vulnerability in Zeeways PhotoVideoTube,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32601/


    back  [SA32600] AJSquare Free Polling Script Authentication Bypass
    Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass
    Released: 2008-11-12

    G4N0K has discovered a vulnerability in AJ Square Free Polling Script,
    which can be exploited by malicious people to bypass certain security
    restrictions.

    Full Advisory:
    http://secunia.com/advisories/32600/


    back  [SA32596] DevelopItEasy Events Calendar Multiple SQL Injection
    Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-07

    Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Events
    Calendar, which can be exploited by malicious people to conduct SQL
    injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32596/


    back  [SA32595] DevelopItEasy News And Article System Multiple SQL Injection
    Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-07

    Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy News And
    Article System, which can be exploited by malicious people to conduct
    SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32595/


    back  [SA32594] DevelopItEasy Membership System Multiple SQL Injection
    Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-07

    Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Membership
    System, which can be exploited by malicious people to conduct SQL
    injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32594/


    back  [SA32593] DevelopItEasy Photo Gallery Multiple SQL Injection
    Vulnerabilities

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-07

    Cyb3r-1sT has reported some vulnerabilities in DevelopItEasy Photo
    Gallery, which can be exploited by malicious people to conduct SQL
    injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32593/


    back  [SA32591] TurnkeyForms Local Classifieds SQL Injection and Security
    Bypass

    Critical:  Moderately critical
    Where: From remote
    Impact: Security Bypass, Manipulation of data, Exposure of
    sensitive information
    Released: 2008-11-07

    A vulnerability and a security issue have been reported in TurnkeyForms
    Local Classifieds, which can be exploited by malicious people to conduct
    SQL injection attacks and bypass certain security restrictions.

    Full Advisory:
    http://secunia.com/advisories/32591/


    back  [SA32586] PHP Classifieds "admin_username" SQL Injection Vulnerability

    Critical:  Moderately critical
    Where: From remote
    Impact: Manipulation of data, Exposure of sensitive information
    Released: 2008-11-07

    ZoRLu has reported a vulnerability in PHP Classifieds, which can be
    exploited by malicious people to conduct SQL injection attacks.

    Full Advisory:
    http://secunia.com/advisories/32586/


    back  [SA32689] TYPO3 "file" Backend Module Cross-Site Scripting
    Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-13

    A vulnerability has been reported in TYPO3, which can be exploited by
    malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32689/


    back  [SA32670] Sun Java System Messaging Server Cross-Site Scripting
    Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-13

    A vulnerability has been reported in Sun Java System Messaging Server,
    which can be exploited by malicious people to conduct cross-site
    scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32670/


    back  [SA32657] buymyscripts.net Lyrics Script "k" Cross-Site Scripting
    Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-12

    A vulnerability has been reported in buymyscripts.net Lyrics Script,
    which can be exploited by malicious people to conduct cross-site
    scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32657/


    back  [SA32654] TYPO3 phpMyAdmin Extension "db" Cross-Site Scripting
    Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-10

    A vulnerability has been reported in the phpMyAdmin extension for
    TYPO3, which can be exploited by malicious people to conduct cross-site
    scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32654/


    back  [SA32650] buymyscripts.net Clickbank Portal "keyword" Cross-Site
    Scripting Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-12

    A vulnerability has been reported in buymyscripts.net Clickbank Portal,
    which can be exploited by malicious people to conduct cross-site
    scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32650/


    back  [SA32649] buymyscripts.net Recipe Website Script "keyword" Cross-Site
    Scripting

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-12

    A vulnerability has been reported in buymyscripts.net Recipe Website
    Script, which can be exploited by malicious people to conduct
    cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32649/


    back  [SA32642] Fresh Email Script "Email" Cross-Site Scripting
    Vulnerability

    Critical:  Less critical
    Where: From remote
    Impact: Cross Site Scripting
    Released: 2008-11-13

    Don has reported a vulnerability in Fresh Email Script, which can be
    exploited by malicious people to conduct cross-site scripting attacks.

    Full Advisory:
    http://secunia.com/advisories/32642/


    back  [SA32680] Blender Insecure Python Module Search Path Vulnerability

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-12

    A vulnerability has been reported in Blender, which can be exploited by
    malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32680/


    back  [SA32624] VMware ESX / ESXi Privilege Escalation and Directory
    Traversal Vulnerability

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    Some vulnerabilities have been reported in VMware ESX and ESXi, which
    can be exploited by malicious, local users to gain escalated
    privileges.

    Full Advisory:
    http://secunia.com/advisories/32624/


    back  [SA32612] VMware Products Privilege Escalation Vulnerability

    Critical:  Less critical
    Where: Local system
    Impact: Privilege escalation
    Released: 2008-11-07

    A vulnerability has been reported in various VMware products, which can
    be exploited by malicious, local users to gain escalated privileges.

    Full Advisory:
    http://secunia.com/advisories/32612/


    back  [SA32686] MoinMoin Full Path Disclosure Weakness

    Critical:  Not critical
    Where: From remote
    Impact: Exposure of system information
    Released: 2008-11-10

    Xia Shing Zee has discovered a weakness in MoinMoin, which can be
    exploited by malicious people to disclose system information.

    Full Advisory:
    http://secunia.com/advisories/32686/



CERT Bulletin


back Relevant Products

  • DNS
  • Ethereal
  • PCRE
  • Sun
  • activesync
  • aol
  • apache
  • bea
  • blackboard
  • cisco
  • citrix
  • comodo
  • epolicy
  • fedora
  • gentoo
  • gnu
  • gzip
  • jakarta
  • linux
  • metaframe
  • mysql
  • nagios
  • novell
  • openoffice
  • openoffice.org
  • openoffice.org/staroffice
  • openssh
  • openssl
  • oracle
  • palm
  • palmos
  • peoplesoft
  • perl
  • php
  • postfix
  • red hat
  • samba
  • solaris
  • sql
  • ssh
  • tomcat
  • vim
  • vmware
  • webct
  • windows ce
  • windowsce