========================================================================

                  The Secunia Weekly Advisory Summary
                        2005-06-16 - 2005-06-23

                       This week : 45 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Multiple browsers are vulnerable to the "Dialog Origin" vulnerability,
which can be exploited by malicious people to spoof JavaScript Dialog
boxes.

Secunia has constructed a test, which can be used to check if your
browser is affected by this issue:
http://secunia.com/multiple_browsers_dialog_origin_vulnerability_test/

For more information about this issue, please refer to the Secunia
advisories below.

Reference:
http://secunia.com/SA15492
http://secunia.com/SA15491
http://secunia.com/SA15488
http://secunia.com/SA15474
http://secunia.com/SA15477
http://secunia.com/SA15489

 --

Secunia Research has discovered multiple vulnerabilities in Opera,
which can be exploited by malicious people to conduct cross-site
scripting attacks and to bypass certain security restrictions.

Additionally, Secunia Research discovered a variant of the "Window
Injection" vulnerability.

More information can be found in the referenced Secunia advisories
below.

Reference:
http://secunia.com/SA15008
http://secunia.com/SA15411
http://secunia.com/SA15423
http://secunia.com/SA13253

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA15489] Mozilla / Firefox / Camino Dialog Origin Spoofing
              Vulnerability
2.  [SA15491] Microsoft Internet Explorer Dialog Origin Spoofing
              Vulnerability
3.  [SA15411] Opera "javascript:" URL Cross-Site Scripting
              Vulnerability
4.  [SA15606] Internet Explorer Two Vulnerabilities
5.  [SA15671] Java Web Start / Sun JRE Sandbox Security Bypass
              Vulnerability
6.  [SA15474] Safari Dialog Origin Spoofing Vulnerability
7.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
8.  [SA15488] Opera Dialog Origin Spoofing Vulnerability
9.  [SA15492] Internet Explorer for Mac Dialog Origin Spoofing
              Vulnerability
10. [SA15008] Opera XMLHttpRequest Security Bypass

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA15762] Fortibus CMS "username" and "ID" SQL Injection
Vulnerabilities
[SA15747] Ublog Reload SQL Injection and Cross-Site Scripting
[SA15734] Cool Cafe SQL Injection and Disclosure of Sensitive
Information
[SA15769] i-Gallery "folder" Cross-Site Scripting and Directory
Traversal

UNIX/Linux:
[SA15777] SUSE update for java2
[SA15755] Gentoo update for
sun-jdk/sun-jre-bin/blackdown-jdk/blackdown-jre
[SA15753] Gentoo update for peercast
[SA15750] Slackware update for sun-jdk/sun-jre
[SA15772] Fedora update for ruby
[SA15766] Gentoo update for squirrelmail
[SA15749] Sun ONE Messaging Server Unspecified Webmail Vulnerability
[SA15741] SUSE Updates for gpg2/telnet/unace/horde
[SA15740] Yaws Source Code Disclosure Vulnerability
[SA15730] Red Hat update for mc
[SA15773] Ubuntu update for tcpdump
[SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability
[SA15768] Gentoo update for spamassassin/razor
[SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability
[SA15751] Gentoo update for cpio
[SA15729] Red Hat update for bzip2
[SA15728] Fedora update for spamassassin
[SA15774] Ubuntu update for sudo
[SA15771] Fedora update for sudo
[SA15763] Novell NetMail File Ownership Security Issue
[SA15759] Slackware update for sudo
[SA15748] OpenBSD update for sudo
[SA15744] Sudo Arbitrary Command Execution Vulnerability
[SA15760] Avaya Products Telnet Client Information Disclosure Weakness
[SA15731] Red Hat update for gaim

Other:
[SA15757] Enterasys Vertical Horizon Switches Two Security Issues
[SA15765] Cisco VPN Concentrator Group Name Enumeration Weakness

Cross Platform:
[SA15767] Ruby XMLRPC Server Arbitrary Command Execution
[SA15758] MercuryBoard "User-Agent" SQL Injection Vulnerability
[SA15752] Trac Arbitrary File Upload/Download Vulnerability
[SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure
[SA15732] Ultimate PHP Board Cross-Site Scripting and User Credentials
Exposure
[SA15775] Gentoo update for tor
[SA15764] Tor Disclosure of Sensitive Information
[SA15739] Razor-agents Denial of Service Vulnerabilities
[SA15738] Contelligent Preview Privilege Escalation Vulnerability
[SA15737] ajax-spell Cross-Site Scripting Vulnerability
[SA15736] amaroK Web Frontend Exposure of User Credentials
[SA15742] RealVNC Information Disclosure Weakness
[SA15733] e107 Administrator Account Enumeration Weakness
[SA15746] JBoss "org.jboss.web.WebServer" Information Disclosure

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA15762] Fortibus CMS "username" and "ID" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-21

Tamer Mohamed Hassan has discovered some vulnerabilities in Fortibus
CMS, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/15762/

 --

[SA15747] Ublog Reload SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-06-20

Dedi Dwianto has discovered two vulnerabilities in Ublog Reload, which
can be exploited by malicious people to conduct SQL injection and
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15747/

 --

[SA15734] Cool Cafe SQL Injection and Disclosure of Sensitive
Information

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
             sensitive information
Released:    2005-06-17

Donnie Werner has reported two vulnerabilities in Cool Cafe, which can
be exploited by malicious people to conduct SQL injection attacks and
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15734/

 --

[SA15769] i-Gallery "folder" Cross-Site Scripting and Directory
Traversal

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2005-06-21

Seyed Hamid Kashfi has discovered a vulnerability in i-Gallery, which
can be exploited by malicious people to conduct cross-site scripting
attacks and disclose system information.

Full Advisory:
http://secunia.com/advisories/15769/


UNIX/Linux:--

[SA15777] SUSE update for java2

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-22

SUSE has issued an update for java2. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15777/

 --

[SA15755] Gentoo update for
sun-jdk/sun-jre-bin/blackdown-jdk/blackdown-jre

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-20

Gentoo has issued updates for sun-jdk, sun-jre-bin, blackdown-jdk, and
blackdown-jre. These fix a vulnerability, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15755/

 --

[SA15753] Gentoo update for peercast

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-20

Gentoo has issued an update for peercast. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15753/

 --

[SA15750] Slackware update for sun-jdk/sun-jre

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-20

Slackware has issued an update for sun-jdk/sun-jre. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15750/

 --

[SA15772] Fedora update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-06-22

Fedora has issued an update for ruby. This fixes a vulnerability, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/15772/

 --

[SA15766] Gentoo update for squirrelmail

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-22

Gentoo has issued an update for squirrelmail. This fixes several
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15766/

 --

[SA15749] Sun ONE Messaging Server Unspecified Webmail Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-20

A vulnerability has been reported in Sun ONE Messaging Server, which
may be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/15749/

 --

[SA15741] SUSE Updates for gpg2/telnet/unace/horde

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
             System access
Released:    2005-06-20

SUSE has issued updates for gpg2, telnet, unace and horde. These fix
some vulnerabilities, which can be exploited by malicious people to
gain knowledge of various information, conduct cross-site scripting
attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15741/

 --

[SA15740] Yaws Source Code Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-17

M. Eiszner has reported a vulnerability in Yaws, which can be exploited
by malicious people to gain knowledge of potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/15740/

 --

[SA15730] Red Hat update for mc

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Privilege escalation, DoS
Released:    2005-06-17

Red Hat has issued an update for mc. This fixes several
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15730/

 --

[SA15773] Ubuntu update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-22

Ubuntu has issued an update for tcpdump. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15773/

 --

[SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-22

A vulnerability has been discovered in cPanel, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15770/

 --

[SA15768] Gentoo update for spamassassin/razor

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-21

Gentoo has issued updates for spamassassin and razor. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15768/

 --

[SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-21

A vulnerability has been reported in NanoBlogger, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15754/

 --

[SA15751] Gentoo update for cpio

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-20

Gentoo has issued an update for cpio.
This fixes a vulnerability, which can be exploited by malicious people
to cause files to be unpacked to arbitrary locations on a user's
system.

Full Advisory:
http://secunia.com/advisories/15751/

 --

[SA15729] Red Hat update for bzip2

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, DoS
Released:    2005-06-17

Red Hat has issued an update for bzip2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15729/

 --

[SA15728] Fedora update for spamassassin

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-17

Fedora has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15728/

 --

[SA15774] Ubuntu update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-22

Ubuntu has issued an update for sudo. This fixes a vulnerability, which
can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15774/

 --

[SA15771] Fedora update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-22

Fedora has issued an update for sudo. This fixes a vulnerability, which
can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15771/

 --

[SA15763] Novell NetMail File Ownership Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-06-21

A security issue has been reported in NetMail, which can be exploited
by malicious, local users to delete or replace the NetMail binaries.

Full Advisory:
http://secunia.com/advisories/15763/

 --

[SA15759] Slackware update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-22

Slackware has issued an update for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15759/

 --

[SA15748] OpenBSD update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-21

OpenBSD has issued an update for sudo. This fixes a vulnerability,
which can be exploited by malicious, local users to execute arbitrary
commands with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15748/

 --

[SA15744] Sudo Arbitrary Command Execution Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2005-06-21

A vulnerability has been reported in sudo, which can be exploited by
malicious, local users to execute arbitrary commands.

Full Advisory:
http://secunia.com/advisories/15744/

 --

[SA15760] Avaya Products Telnet Client Information Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-21

Avaya has acknowledged a weakness in the telnet client included in
certain products, which can be exploited by malicious people to gain
knowledge of certain system information.

Full Advisory:
http://secunia.com/advisories/15760/

 --

[SA15731] Red Hat update for gaim

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-17

Red Hat has issued an update for gaim. This fixes two weaknesses, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15731/


Other:--

[SA15757] Enterasys Vertical Horizon Switches Two Security Issues

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2005-06-21

Jacek Lipkowski has reported two security issues in various Enterasys
Vertical Horizon switches, which can be exploited by malicious people
to gain access to a debugging account, and by malicious users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15757/

 --

[SA15765] Cisco VPN Concentrator Group Name Enumeration Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-21

NTA Monitor has reported a weakness in Cisco VPN 3000 Concentrator,
which can be exploited by malicious people to gain knowledge of certain
information.

Full Advisory:
http://secunia.com/advisories/15765/


Cross Platform:--

[SA15767] Ruby XMLRPC Server Arbitrary Command Execution

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-06-22

Nobuhiro IMAI has reported a vulnerability in Ruby, which potentially
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/15767/

 --

[SA15758] MercuryBoard "User-Agent" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-22

4yka has reported a vulnerability in MercuryBoard, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15758/

 --

[SA15752] Trac Arbitrary File Upload/Download Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
             System access
Released:    2005-06-20

Stefan Esser has reported a vulnerability in Trac, which can be
exploited by malicious users to disclose sensitive information and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15752/

 --

[SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-06-17

A vulnerability has been reported in XAMPP, which can be exploited by
malicious people to disclose potentially sensitive information and
conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/15735/

 --

[SA15732] Ultimate PHP Board Cross-Site Scripting and User Credentials
Exposure

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-06-17

Alberto Trivero has reported some vulnerabilities and a security issue
in Ultimate PHP Board, which can be exploited by malicious people to
conduct cross-site scripting attacks and disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15732/

 --

[SA15775] Gentoo update for tor

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-22

Gentoo has issued an update for tor. This fixes a vulnerability, which
potentially can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15775/

 --

[SA15764] Tor Disclosure of Sensitive Information

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-22

A vulnerability has been reported in Tor, which potentially can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15764/

 --

[SA15739] Razor-agents Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-17

Two vulnerabilities have been reported in Razor-agents, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15739/

 --

[SA15738] Contelligent Preview Privilege Escalation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2005-06-17

A vulnerability has been reported in Contelligent, which can be
exploited by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15738/

 --

[SA15737] ajax-spell Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-17

A vulnerability has been reported in ajax-spell, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15737/

 --

[SA15736] amaroK Web Frontend Exposure of User Credentials

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-17

A security issue has been reported in the amaroK Web Frontend plugin
for amaroK, which can be exploited by malicious people to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/15736/

 --

[SA15742] RealVNC Information Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-20

class101 has reported a weakness in RealVNC, which can be exploited by
malicious people to gain knowledge of various system information.

Full Advisory:
http://secunia.com/advisories/15742/

 --

[SA15733] e107 Administrator Account Enumeration Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2005-06-17

Marc Ruef has discovered a weakness in e107, which can be exploited by
malicious people to identify valid administrator accounts.

Full Advisory:
http://secunia.com/advisories/15733/

 --

[SA15746] JBoss "org.jboss.web.WebServer" Information Disclosure

Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    2005-06-20

Marc Schoenefeld has reported a weakness in JBoss, which can be
exploited by malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/15746/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45