========================================================================

                  The Secunia Weekly Advisory Summary
                        2009-02-05 - 2009-02-12

                       This week: 60 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Monthly Binary Analysis Update (January)

The first month of 2009 is behind us and we started the year out nicely
by issuing 29 BAs.

Read more:
http://secunia.com/blog/42/

========================================================================
2) This Week in Brief:

Microsoft has released their security bulletins for February 2009.

For more information, refer to:
http://secunia.com/advisories/33838/
http://secunia.com/advisories/33845/
http://secunia.com/advisories/33833/

 --

A vulnerability has been reported in BlackBerry Application Web Loader,
which can be exploited by malicious people to compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/33847/

 --

A vulnerability has been reported in Google Chrome, which can be
exploited by malicious people to potentially compromise a user's
system.

For more information, refer to:
http://secunia.com/advisories/33800/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA33799] Mozilla Firefox Multiple Vulnerabilities
2.  [SA33800] Google Chrome URI Handler Registration Vulnerability
3.  [SA32991] Sun Java JDK / JRE Multiple Vulnerabilities
4.  [SA33844] Cisco IOS Cross-Site Scripting and Cross-Site Request Forgery
5.  [SA33632] Apple QuickTime Multiple Vulnerabilities
6.  [SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities
7.  [SA32270] Adobe Flash Player Multiple Security Issues and Vulnerabilities
8.  [SA13769] Zeroboard Multiple Vulnerabilities
9.  [SA33089] Internet Explorer Data Binding Memory Corruption Vulnerability
10. [SA33835] Drupal Link Module "description" Script Insertion Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:

[SA33892] Becky! Internet Mail Read Receipt Request Vulnerability
[SA33924] GeoVision Digital Video Surveillance System Directory Traversal Vulnerability
[SA33907] Craft Silicon Banking_at_Home "LoginName" SQL Injection
[SA33877] w3b|cms Multiple SQL Injection Vulnerabilities
[SA33874] A Better Member-Based ASP Photo Gallery "entry" SQL Injection
[SA33873] Bahar Download Script "kid" SQL Injection Vulnerability
[SA33879] FotoWeb "s" Cross-Site Scripting Vulnerability
[SA33867] Trend Micro InterScan Web Security Suite Security Bypass

UNIX/Linux:

[SA33869] Ubuntu update for firefox-3.0 and xulrunner-1.9
[SA33910] Red Hat update for mod_auth_mysql
[SA33906] Avaya Products OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing
[SA33900] Ubuntu update for firefox
[SA33871] Debian update for typo3-src
[SA33864] Red Hat update for netpbm
[SA33859] Red Hat update for vnc
[SA33917] Debian update for libpam-krb5
[SA33912] Debian update for phpmyadmin
[SA33902] Ubuntu update for firefox
[SA33897] Debian update for boinc
[SA33890] Fail2ban "wuftpd.conf" Denial of Service Vulnerability
[SA33886] Novell Open Enterprise Server QuickFinder Cross-Site Scripting Vulnerabilities
[SA33882] Avaya CMS BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spoofing Vulnerability
[SA33858] Red Hat update for kernel
[SA33884] Net-snmp TCP Wrapper Information Disclosure Vulnerability
[SA33915] IBM AIX "at" Command Privilege Escalation Vulnerability
[SA33914] pam-krb5 File Overwrite and Privilege Escalation
[SA33905] Avaya CMS Solaris "autofs" Kernel Module Vulnerability
[SA33870] Wicd D-Bus Configuration Information Disclosure Security Issue
[SA33868] libvirt "proxyReadClientSocket()" Buffer Overflow Vulnerability
[SA33918] Debian update for libpam-heimdal
[SA33904] Avaya CMS Solaris IP Minor Numbers Denial of Service Vulnerability
[SA33903] Avaya CMS Solaris IP-in-IP Processing Denial of Service Vulnerability
[SA33885] Gentoo update for sudo
[SA33860] HP-UX NFS Denial of Service Vulnerability

Other:

[SA33896] Netgear SSL312 Web Interface Denial of Service Vulnerability

Cross Platform:

[SA33866] AdaptCMS Lite File Inclusion and Cross-Site Scripting
[SA33865] SnippetMaster File Inclusion and Cross-Site Scripting Vulnerabilities
[SA33922] Graugon Gallery Security Bypass and SQL Injection
[SA33920] Den Dating Website Script "txtlookgender" SQL Injection
[SA33911] Papoo CMS "pfadhier" Local File Inclusion Vulnerability
[SA33908] Auth PHP "username" SQL Injection Vulnerability
[SA33899] PHP-Calendar Two Information Disclosure Security Issues
[SA33893] ilchClan "X-Forwarded-For" SQL Injection Vulnerability
[SA33883] If-CMS "id" SQL Injection Vulnerability
[SA33880] Tor Multiple Vulnerabilities
[SA33878] glFusion "username" Script Insertion Vulnerability
[SA33876] Calendarix Basic "login" SQL Injection Vulnerabilities
[SA33875] BusinessSpace "id" SQL Injection Vulnerability
[SA33872] Wireshark NetScreen Snoop Capture File Buffer Overflow Vulnerability
[SA33863] Zeroboard XE "content" Script Insertion Vulnerability
[SA33862] Yet Another NOCC "lang" Local File Inclusion Vulnerability
[SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities
[SA33919] Drupal Advertisement Module Script Insertion Vulnerability
[SA33894] Sajax "sajax_get_common_js()" Cross-Site Scripting Vulnerability
[SA33891] Trend Micro InterScan Web Security "Proxy-Authorization" Information Disclosure
[SA33888] Pebble Cross-Site Scripting Vulnerability
[SA33887] SilverNews "section" Local File Inclusion Vulnerability
[SA33856] Thyme "phpinfo.php" Information Disclosure
[SA33898] Drupal "Administer Content Types" Permission Security Issue
[SA33881] MediaWiki Installer Cross-Site Scripting Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA33892] Becky! Internet Mail Read Receipt Request Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2009-02-12

A vulnerability has been reported in Becky! Internet Mail, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33892/

 --

[SA33924] GeoVision Digital Video Surveillance System Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2009-02-12

Dejan Levaja has reported a vulnerability in GeoVision Digital Video
Surveillance System, which can be exploited by malicious people to
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33924/

 --

[SA33907] Craft Silicon Banking_at_Home "LoginName" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-11

Francesco Bianchino has reported a vulnerability in Craft Silicon
Banking_at_Home, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33907/

 --

[SA33877] w3b|cms Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-11

DNX has reported some vulnerabilities in w3b|cms, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33877/

 --

[SA33874] A Better Member-Based ASP Photo Gallery "entry" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-10

BackDoor has discovered a vulnerability in A Better Member-Based ASP
Photo Gallery, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33874/

 --

[SA33873] Bahar Download Script "kid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

CyberGrup Lojistik has reported a vulnerability in Bahar Download
Script, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/33873/

 --

[SA33879] FotoWeb "s" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-09

A vulnerability has been reported in FotoWeb, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33879/

 --

[SA33867] Trend Micro InterScan Web Security Suite Security Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2009-02-09

Julien Cayssol has reported a vulnerability in Trend Micro InterScan
Web Security Suite, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33867/


UNIX/Linux:--

[SA33869] Ubuntu update for firefox-3.0 and xulrunner-1.9

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information, DoS, System access
Released:    2009-02-11

Ubuntu has issued an update for firefox-3.0 and xulrunner-1.9. This
fixes some vulnerabilities, which can be exploited by malicious, local
users to potentially disclose sensitive information, and by malicious
people to conduct cross-site scripting attacks, bypass certain security
restrictions, disclose sensitive information, or potentially to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33869/

 --

[SA33910] Red Hat update for mod_auth_mysql

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

Red Hat has issued an update for mod_auth_mysql. This fixes a
vulnerability, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33910/

 --

[SA33906] Avaya Products OpenSSL DSA / ECDSA "EVP_VerifyFinal()" Spoofing

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-09

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33906/

 --

[SA33900] Ubuntu update for firefox

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2009-02-11

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33900/

 --

[SA33871] Debian update for typo3-src

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released:    2009-02-11

Debian has issued an update for typo3-src. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33871/

 --

[SA33864] Red Hat update for netpbm

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-12

Red Hat has issued an update for netpbm. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/33864/

 --

[SA33859] Red Hat update for vnc

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-12

Red Hat has issued an update for vnc. This fixes a vulnerability, which
can potentially be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/33859/

 --

[SA33917] Debian update for libpam-krb5

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2009-02-12

Debian has issued an update for libpam-krb5. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
overwrite files and to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33917/

 --

[SA33912] Debian update for phpmyadmin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-12

Debian has issued an update for phpmyadmin. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/33912/

 --

[SA33902] Ubuntu update for firefox

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2009-02-11

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/33902/

 --

[SA33897] Debian update for boinc

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-09

Debian has issued an update for boinc. This fixes a vulnerability,
which can potentially be exploited by malicious people to conduct
spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33897/

 --

[SA33890] Fail2ban "wuftpd.conf" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2009-02-11

A vulnerability has been reported in Fail2ban, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33890/

 --

[SA33886] Novell Open Enterprise Server QuickFinder Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-12

Ivan Sanchez has reported some vulnerabilities in Novell QuickFinder
Server, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33886/

 --

[SA33882] Avaya CMS BIND "EVP_VerifyFinal()" and "DSA_do_verify()" Spoofing Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/33882/

 --

[SA33858] Red Hat update for kernel

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-11

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), and by malicious people to cause a DoS
or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33858/

 --

[SA33884] Net-snmp TCP Wrapper Information Disclosure Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2009-02-12

A vulnerability has been reported in Net-snmp, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33884/

 --

[SA33915] IBM AIX "at" Command Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2009-02-11

A vulnerability has been reported in AIX, which can be exploited by
malicious, local users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33915/

 --

[SA33914] pam-krb5 File Overwrite and Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Privilege escalation
Released:    2009-02-12

Some vulnerabilities have been reported in pam-krb5, which can be
exploited by malicious, local users to overwrite files and to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/33914/

 --

[SA33905] Avaya CMS Solaris "autofs" Kernel Module Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
and potentially to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33905/

 --

[SA33870] Wicd D-Bus Configuration Information Disclosure Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2009-02-09

A security issue has been reported in Wicd, which can be exploited by
malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33870/

 --

[SA33868] libvirt "proxyReadClientSocket()" Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-11

A vulnerability has been reported in libvirt, which can be exploited by
malicious, local users to potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33868/

 --

[SA33918] Debian update for libpam-heimdal

Critical:    Not critical
Where:       From remote
Impact:      Manipulation of data, Privilege escalation
Released:    2009-02-12

Debian has issued an update for libpam-heimdal. This fixes a
vulnerability, which can be exploited by malicious, local users to
overwrite files and potentially to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/33918/

 --

[SA33904] Avaya CMS Solaris IP Minor Numbers Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33904/

 --

[SA33903] Avaya CMS Solaris IP-in-IP Processing Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-09

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33903/

 --

[SA33885] Gentoo update for sudo

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2009-02-09

Gentoo has issued an update for sudo. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/33885/

 --

[SA33860] HP-UX NFS Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2009-02-06

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33860/


Other:--

[SA33896] Netgear SSL312 Web Interface Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2009-02-11

Rembrandt has reported a vulnerability in Netgear SSL312, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33896/


Cross Platform:--

[SA33866] AdaptCMS Lite File Inclusion and Cross-Site Scripting

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Released:    2009-02-10

RoMaNcYxHaCkEr has discovered some vulnerabilities in AdaptCMS Lite,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33866/

 --

[SA33865] SnippetMaster File Inclusion and Cross-Site Scripting Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access
Released:    2009-02-10

RoMaNcYxHaCkEr has discovered some vulnerabilities in SnippetMaster,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33865/

 --

[SA33922] Graugon Gallery Security Bypass and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2009-02-12

x0r has discovered some vulnerabilities in Graugon Gallery, which can
be exploited by malicious people to bypass certain security
restrictions and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33922/

 --

[SA33920] Den Dating Website Script "txtlookgender" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

nuclear has reported a vulnerability in Den Dating Website Script,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/33920/

 --

[SA33911] Papoo CMS "pfadhier" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2009-02-11

SirGod has discovered a vulnerability in Papoo CMS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33911/

 --

[SA33908] Auth PHP "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-11

x0r has discovered a vulnerability in Auth PHP, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33908/

 --

[SA33899] PHP-Calendar Two Information Disclosure Security Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2009-02-09

Two security issues have been reported in PHP-Calendar, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33899/

 --

[SA33893] ilchClan "X-Forwarded-For" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-09

Gizmore has discovered a vulnerability in ilchClan, which can be
exploited by malicious people to conduct SQL Injection attacks.

Full Advisory:
http://secunia.com/advisories/33893/

 --

[SA33883] If-CMS "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-10

darkjoker has discovered a vulnerability in If-CMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33883/

 --

[SA33880] Tor Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS
Released:    2009-02-10

Some vulnerabilities have been reported in Tor, where one has an
unknown impact and others can be exploited by malicious people to cause
a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/33880/

 --

[SA33878] glFusion "username" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-09

A vulnerability has been reported in glFusion, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33878/

 --

[SA33876] Calendarix Basic "login" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2009-02-12

Two vulnerabilities have been reported in Calendarix Basic, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33876/

 --

[SA33875] BusinessSpace "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2009-02-10

M.Hasran Addahroni has reported a vulnerability in BusinessSpace, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/33875/

 --

[SA33872] Wireshark NetScreen Snoop Capture File Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2009-02-09

A vulnerability has been reported in Wireshark, which can be exploited
by malicious people to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/33872/

 --

[SA33863] Zeroboard XE "content" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-11

make0day has discovered a vulnerability in Zeroboard XE, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33863/

 --

[SA33862] Yet Another NOCC "lang" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2009-02-10

Kacper has discovered a vulnerability in Yet Another NOCC, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33862/

 --

[SA33857] HP OpenView Network Node Manager Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2009-02-06

Some vulnerabilities have been reported in HP OpenView Network Node
Manager, which can be exploited by malicious people to disclose
sensitive information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/33857/

 --

[SA33919] Drupal Advertisement Module Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-12

Justin C. Klein Keane has reported a vulnerability in the Advertisement
module for Drupal, which can be exploited by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/33919/

 --

[SA33894] Sajax "sajax_get_common_js()" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-10

Daniel Toma has discovered a vulnerability in Sajax, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33894/

 --

[SA33891] Trend Micro InterScan Web Security "Proxy-Authorization" Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-02-12

david.vorel has reported a vulnerability in Trend Micro InterScan Web
Security Suite and Trend Micro InterScan Web Security Virtual
Appliance, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/33891/

 --

[SA33888] Pebble Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-11

A vulnerability has been reported in Pebble, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33888/

 --

[SA33887] SilverNews "section" Local File Inclusion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2009-02-09

x0r has discovered a vulnerability in SilverNews, which can be
exploited by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33887/

 --

[SA33856] Thyme "phpinfo.php" Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information
Released:    2009-02-11

cheverok has discovered a security issue in Thyme, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/33856/

 --

[SA33898] Drupal "Administer Content Types" Permission Security Issue

Critical:    Not critical
Where:       From remote
Impact:      Privilege escalation
Released:    2009-02-12

A security issue has been reported in Drupal, which can lead to
unauthorised users performing actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/33898/

 --

[SA33881] MediaWiki Installer Cross-Site Scripting Vulnerabilities

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2009-02-09

Some vulnerabilities have been reported in MediaWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/33881/

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Subscribe:
http://secunia.com/advisories/weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support_at_private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

Received on Thu Feb 12 2009 - 23:06:57 PST