========================================================================

The Secunia Weekly Advisory Summary
2007-12-20 - 2007-12-27

This week: 42 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

More than 20% of all applications installed on users' PCs have known security flaws, but the users have yet to install the patch provided by the vendor of the product.

Read the full blog:
http://secunia.com/blog/17/

Download and test the Secunia PSI today:
https://psi.secunia.com/

========================================================================
2) This Week in Brief:

A highly critical vulnerability has been reported in IBM Lotus Domino Web Access, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the dwa7.dwa7.1 ActiveX control (dwa7W.dll) when handling strings assigned to the "General_ServerName" property. This can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the affected property and then calling the "InstallBrowserHelperDll()" method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in dwa7W.dll version 7.0.34.1 and reportedly affects IBM Lotus Domino 6.x and 7.x. Other versions may also be affected.

The vulnerability is currently unpatched, so users are urged to prevent possible exploitation by setting the kill-bit for the affected method.
For more information:
http://secunia.com/advisories/28184/

 --

Some highly critical vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

Boundary errors in the "ParseMicroDvd()", "ParseSSA()", and "ParseVplayer()" functions when handling subtitles can be exploited to cause stack-based buffer overflows.

A format string error in the web interface listening on port 8080/TCP, which is disabled by default, can be exploited via a specially crafted HTTP request with a "Connection" header value containing format specifiers.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

The vulnerabilities are confirmed in version 0.8.6d. Other versions may also be affected.

The vendor has released a fixed version in their SVN repository.

For more information:
http://secunia.com/advisories/28233/

 --

A highly critical vulnerability has been discovered in Total Player, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error when constructing an absolute path to a file referenced within an M3U playlist. This can be exploited to cause a stack-based buffer overflow via an overly long string in a playlist file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is currently unpatched, so users are urged to avoid opening untrusted playlists to avoid possible exploitation.

For more information:
http://secunia.com/advisories/28236/

 --

VIRUS ALERTS:

During the past week Secunia collected 121 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA28161] Adobe Flash Player Multiple Vulnerabilities
2.  [SA28184] IBM Lotus Domino Web Access Control ActiveX Control Buffer Overflow
3.  [SA28186] Sun Java System Web Proxy Server Multiple Vulnerabilities
4.  [SA28166] Google Toolbar Custom Button Installer Dialog Spoofing Weakness
5.  [SA28174] IBM DB2 Content Manager eClient Unspecified Scripting Vulnerability
6.  [SA28102] Novell GroupWise Client HTML E-Mail Processing Buffer Overflow
7.  [SA28196] IBM HTTP Server Two Cross-Site Scripting Vulnerabilities
8.  [SA28180] Fedora BIND "/etc/rndc.key" Insecure File Permissions
9.  [SA28191] HP-UX rpc.yppasswdd Unspecified Denial of Service Vulnerability
10. [SA28197] Fedora update for wireshark

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA28236] Total Player M3U Playlist Parsing Buffer Overflow
[SA28218] Mercury LoadRunner XUpload ActiveX Control Buffer Overflow
[SA28215] WinAce UUE File Decompression Buffer Overflow
[SA28214] Zoom Player Error Message Buffer Overflow Vulnerability
[SA28205] Groove Virtual Office XUpload ActiveX Control Buffer Overflow
[SA28234] Ada Image Server Multiple Vulnerabilities
[SA28208] WinUAE Floppy Disk Image File Loading Buffer Overflow
[SA28206] Web Sihirbazi "default.asp" SQL Injection
[SA28193] Aeries Browser Interface "EmailAddress" SQL Injection
[SA28252] IPortalX Multiple Cross-Site Scripting Vulnerabilities

UNIX/Linux:
[SA28246] Fedora update for gallery2
[SA28213] SUSE update for flash-player
[SA28201] PMOS Help Desk PHP Code Execution and Security Bypass
[SA28238] Bitflu StorageFarabDb Security Bypass Vulnerability
[SA28207] Fedora update for wireshark
[SA28198] Moodle MRBS Module "id" SQL Injection
[SA28197] Fedora update for wireshark
[SA28195] Fedora update for libexif
[SA28200] Debian update for cupsys
[SA28241] GreaseKit / Creammonkey GM API Vulnerability
[SA28224] Sun Solaris Apache Cross-Site Scripting and Denial of Service
[SA28212] Sun Solaris Apache Cross-Site Scripting and Denial of Service

Other:
[SA28191] HP-UX rpc.yppasswdd Unspecified Denial of Service Vulnerability
[SA28192] HP Tru64 UNIX FFM Unspecified Denial of Service Vulnerability

Cross Platform:
[SA28251] Mambo Multiple Vulnerabilities
[SA28245] NmnNewsletter "output" File Inclusion Vulnerability
[SA28240] Shadowed Portal File Inclusion and PHP Code Execution
[SA28233] VLC Media Player Multiple Vulnerabilities
[SA28230] phpAutoVideo Two File Inclusion Vulnerabilities
[SA28250] XZero Community Classifieds "subcatid" SQL Injection
[SA28242] mBlog "page" Local File Inclusion Vulnerability
[SA28232] MailMachinePRO "id" SQL Injection Vulnerability
[SA28225] TikiWiki Multiple Vulnerabilities
[SA28217] TCPreen FD_SET Buffer Overflow Vulnerability
[SA28202] CuteNews "search.php" Information Disclosure
[SA28188] Woltlab Burning Board Lite "search.php" SQL Injection Vulnerabilities
[SA28239] PDFlib "pdc_fsearch_fopen()" Buffer Overflow Vulnerability
[SA28235] SimpleForum "searchkey" Cross-Site Scripting Vulnerability
[SA28216] Sun Java System Web Server / Web Proxy Server Cross-Site Scripting
[SA28196] IBM HTTP Server Two Cross-Site Scripting Vulnerabilities
[SA28190] Limbo "com_option" Cross-Site Scripting
[SA28237] Novell Identity Manager asampsp Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA28236] Total Player M3U Playlist Parsing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

David G.M. has discovered a vulnerability in Total Player, which potentially can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28236/

 --

[SA28218] Mercury LoadRunner XUpload ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

A vulnerability has been discovered in HP Mercury LoadRunner, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28218/

 --

[SA28215] WinAce UUE File Decompression Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-25

A vulnerability has been reported in WinAce, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28215/

 --

[SA28214] Zoom Player Error Message Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-25

Luigi Auriemma has discovered a vulnerability in Zoom Player, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28214/

 --

[SA28205] Groove Virtual Office XUpload ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

A vulnerability has been discovered in Groove Virtual Office, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28205/

 --

[SA28234] Ada Image Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released:    2007-12-25

Some vulnerabilities have been discovered in Ada Image Server, which can be exploited by malicious people to conduct cross-site scripting attacks or gain knowledge of sensitive information.
Full Advisory:
http://secunia.com/advisories/28234/

 --

[SA28208] WinUAE Floppy Disk Image File Loading Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-12-24

Luigi Auriemma has discovered a vulnerability in WinUAE, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28208/

 --

[SA28206] Web Sihirbazi "default.asp" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-26

bypas has reported two vulnerabilities in Web Sihirbazi, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28206/

 --

[SA28193] Aeries Browser Interface "EmailAddress" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-21

Aria-Security Team have reported a vulnerability in Aeries Browser Interface (ABI), which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28193/

 --

[SA28252] IPortalX Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-27

Doz has reported some vulnerabilities in IPortalX, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28252/


UNIX/Linux:--

[SA28246] Fedora update for gallery2

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released:    2007-12-26

Fedora has issued an update for gallery2.
This fixes some vulnerabilities and a weakness, where some have unspecified impacts and others can be exploited by malicious users or malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28246/

 --

[SA28213] SUSE update for flash-player

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access
Released:    2007-12-24

SUSE has issued an update for flash-player. This fixes some vulnerabilities, where one vulnerability has an unknown impact and others can be exploited by malicious, local users to gain escalated privileges and by malicious people to bypass certain security restrictions, conduct cross-site scripting and HTTP request splitting attacks, disclose sensitive information, cause a Denial of Service (DoS), or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28213/

 --

[SA28201] PMOS Help Desk PHP Code Execution and Security Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2007-12-26

EgiX has discovered a vulnerability in PMOS Help Desk, which can be exploited by malicious people to bypass certain security restrictions and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28201/

 --

[SA28238] Bitflu StorageFarabDb Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-12-27

A vulnerability has been reported in Bitflu, which can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/28238/

 --

[SA28207] Fedora update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-12-24

Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28207/

 --

[SA28198] Moodle MRBS Module "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-24

root at hanicker.it has reported a vulnerability in the MRBS Module for Moodle, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28198/

 --

[SA28197] Fedora update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-12-21

Fedora has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28197/

 --

[SA28195] Fedora update for libexif

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-12-21

Fedora has issued an update for libexif. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28195/

 --

[SA28200] Debian update for cupsys

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, DoS, System access
Released:    2007-12-27

Debian has issued an update for cupsys. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28200/

 --

[SA28241] GreaseKit / Creammonkey GM API Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-12-26

A vulnerability was reported in GreaseKit / Creammonkey, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/28241/

 --

[SA28224] Sun Solaris Apache Cross-Site Scripting and Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2007-12-24

Sun has acknowledged some vulnerabilities in Apache for Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28224/

 --

[SA28212] Sun Solaris Apache Cross-Site Scripting and Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2007-12-24

Sun has acknowledged some vulnerabilities in Apache for Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28212/


Other:--

[SA28191] HP-UX rpc.yppasswdd Unspecified Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-12-21

A vulnerability has been reported in HP-UX, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28191/

 --

[SA28192] HP Tru64 UNIX FFM Unspecified Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-12-21

A vulnerability has been reported in HP Tru64 UNIX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/28192/


Cross Platform:--

[SA28251] Mambo Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, System access
Released:    2007-12-27

Some vulnerabilities have been reported in Mambo, one with an unknown impact and others, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28251/

 --

[SA28245] NmnNewsletter "output" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

CraCkEr has discovered a vulnerability in NmnNewsletter, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28245/

 --

[SA28240] Shadowed Portal File Inclusion and PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

The:Paradox has discovered two vulnerabilities in Shadowed Portal, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28240/

 --

[SA28233] VLC Media Player Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-25

Some vulnerabilities have been discovered in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28233/

 --

[SA28230] phpAutoVideo Two File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2007-12-25

MhZ91 has reported two vulnerabilities in phpAutoVideo, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/28230/

 --

[SA28250] XZero Community Classifieds "subcatid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-27

Kw3rLn has reported a vulnerability in XZero Community Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28250/

 --

[SA28242] mBlog "page" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2007-12-25

irk4z has discovered a vulnerability in mBlog, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28242/

 --

[SA28232] MailMachinePRO "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Manipulation of data
Released:    2007-12-26

MhZ91 has reported a vulnerability in MailMachinePRO, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28232/

 --

[SA28225] TikiWiki Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting
Released:    2007-12-24

Some vulnerabilities have been reported in TikiWiki, where some have unknown impacts and others can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28225/

 --

[SA28217] TCPreen FD_SET Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-12-25

A vulnerability has been reported in TCPreen, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/28217/

 --

[SA28202] CuteNews "search.php" Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-12-24

Janek Vind has reported some vulnerabilities in CuteNews, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28202/

 --

[SA28188] Woltlab Burning Board Lite "search.php" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-21

nbbn has discovered some vulnerabilities in Woltlab Burning Board Lite, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28188/

 --

[SA28239] PDFlib "pdc_fsearch_fopen()" Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-12-25

poplix has discovered a vulnerability in PDFlib, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28239/

 --

[SA28235] SimpleForum "searchkey" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-25

Jose Luis Góngora Fernández has reported a vulnerability in SimpleForum Pro, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28235/

 --

[SA28216] Sun Java System Web Server / Web Proxy Server Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-24

Some vulnerabilities have been reported in Sun Java System Web Server / Web Proxy Server, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/28216/

 --

[SA28196] IBM HTTP Server Two Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-21

IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28196/

 --

[SA28190] Limbo "com_option" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-26

Omer Singer has discovered a vulnerability in Limbo, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28190/

 --

[SA28237] Novell Identity Manager asampsp Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-12-26

A vulnerability has been reported in Novell Identity Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28237/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

__________________________________________________________________
Visit InfoSec News
http://www.infosecnews.org/