Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - April 14, 2009

by Marianna Schmudlach / April 14, 2009 1:23 AM PDT

NanoCMS Information Disclosure and Cross-Site Request Forgery

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: NanoCMS 0.x

Description:
Justin C. Klein Keane has discovered some vulnerabilities in NanoCMS, which can be exploited by malicious people to disclose sensitive information or conduct cross-site request forgery attacks.

http://secunia.com/advisories/34709/

Sun Solaris Adobe Reader Multiple Vulnerabilities
by Marianna Schmudlach / April 14, 2009 1:24 AM PDT

Release Date: 2009-04-14

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Workaround

OS: Sun Solaris 10

Description:
Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/34706/

Debian update for imp4
by Marianna Schmudlach / April 14, 2009 1:25 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch

OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for imp4. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks.


http://secunia.com/advisories/34703/

e107 User Journals Plugin "blog" SQL Injection Vulnerability
by Marianna Schmudlach / April 14, 2009 1:26 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: User Journals 1.x (plugin for e107)

Description:
A vulnerability has been discovered in the User Journals plugin for e107, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "blog" parameter in userjournals_menu/userjournals.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

http://secunia.com/advisories/34701/

Mini-stream Ripper Playlist Processing Buffer Overflow Vulne
by Marianna Schmudlach / April 14, 2009 1:27 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Mini-stream Ripper 3.x

Description:
Cyber-Zone has discovered a vulnerability in Mini-stream Ripper, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing playlist files and can be exploited to cause a buffer overflow.

This is related to:
SA34647

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.0.1.1. Other versions may also be affected.

http://secunia.com/advisories/34692/

X Engine Soft Products SQL Injection Vulnerabilities
by Marianna Schmudlach / April 14, 2009 1:28 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched

Software: X Engine Soft Article Management System 1.x
X Engine Soft Media Gallery System 1.x
X Engine Soft Newsletter Manager 1.x
X Engine Soft Poll Management System 1.x

Description:
Some vulnerabilities have been reported in X Engine Soft products, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "USERNAME" and "PASSWORD" parameters of the administrator login page is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary code.

The vulnerability is reported in the following products and versions:
Article Management System 1.0
Media Gallery System 1.0
Poll Management System 1.0
Newsletter Manager 1.0

http://secunia.com/advisories/34690/

Yellow Duck Weblog "lang" File Inclusion Vulnerability
by Marianna Schmudlach / April 14, 2009 1:29 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information
Where: From remote
Solution Status: Unpatched

Software: Yellow Duck Weblog 2.x

Description:
ahmadbady has discovered a vulnerability in Yellow Duck Weblog, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "lang" parameter in include/languages/check.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Successful exploitation with arbitrary file types requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 2.1.0 on the Windows platform. Other versions may also be affected.

http://secunia.com/advisories/34688/

Mini-stream ASX to MP3 Converter Playlist Processing Buffer
by Marianna Schmudlach / April 14, 2009 1:30 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Mini-stream ASX to MP3 Converter 3.x


Description:
Cyber-Zone has discovered a vulnerability in Mini-stream ASX to MP3 Converter, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing playlist files and can be exploited to cause a buffer overflow.

http://secunia.com/advisories/34681/

Mini-stream WM Downloader Playlist Processing Buffer Overflo
by Marianna Schmudlach / April 14, 2009 1:31 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Mini-stream WM Downloader 3.x

Description:
Cyber-Zone has discovered a vulnerability in Mini-stream WM Downloader, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing playlist files and can be exploited to cause a buffer overflow.

http://secunia.com/advisories/34674/

HTML Email Creator Buffer Overflow Vulnerabilities
by Marianna Schmudlach / April 14, 2009 1:32 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: HTML Email Creator 2.x

Description:
dun has discovered some vulnerabilities in HTML Email Creator, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors when processing e.g. "src", "href", and "background" attributes in HTML files. These can be exploited to cause stack-based buffer overflows when the user is tricked into loading a specially crafted HTML file.

Successful exploitation allows execution of arbitrary code.

The vulnerabilities are confirmed in version 2.1 build 668. Other versions may also be affected.

http://secunia.com/advisories/34671/

FlatNuke Profile Level Privilege Escalation Vulnerability
by Marianna Schmudlach / April 14, 2009 1:33 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Privilege escalation
Where: From remote
Solution Status: Unpatched

Software: FlatNuke 2.x

Description:
A vulnerability has been discovered in FlatNuke, which can be exploited by malicious users to gain escalated privileges and compromise a vulnerable system.

The vulnerability is caused due to an input validation error in sections/none_Login/section.php, which can be exploited to gain administrative privileges to the application via a specially crafted request.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

NOTE: This can further be exploited to upload and execute arbitrary PHP code via the file manager module.

The vulnerability is confirmed in version 2.7.1. Other versions may also be affected.

http://secunia.com/advisories/34670/

PHP for Windows OpenSSL Multiple Vulnerabilities
by Marianna Schmudlach / April 14, 2009 1:34 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Security Bypass
DoS
Where: From remote
Solution Status: Vendor Patch

Software: PHP 5.2.x

Description:
Some vulnerabilities have been reported in PHP, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).

The vulnerabilities are caused due to the application including a vulnerable version of the OpenSSL library.

http://secunia.com/advisories/34666/

Slackware update for seamonkey
by Marianna Schmudlach / April 14, 2009 1:35 AM PDT

Release Date: 2009-04-14

Critical:
Not critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Slackware Linux 11.0

Description:
Slackware has issued an update for seamonkey. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/34656/

Ubuntu update for clamav
by Marianna Schmudlach / April 14, 2009 1:36 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

OS: Ubuntu Linux 8.10

Description:
Ubuntu has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

http://secunia.com/advisories/34654/

Mini-stream RM-MP3 Converter Playlist Processing Buffer Over
by Marianna Schmudlach / April 14, 2009 1:37 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Mini-stream RM-MP3 Converter 3.x

Description:
Cyber-Zone has discovered a vulnerability in Mini-stream RM-MP3 Converter, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing playlist files and can be exploited to cause a buffer overflow.

http://secunia.com/advisories/34653/

w3b|cms Book Module "spam_id" SQL Injection Vulnerability
by Marianna Schmudlach / April 14, 2009 1:38 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch

Software: Book 3.x (module for w3b|cms)


Description:
A vulnerability has been reported in the Book module for w3b|cms, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "spam_id" parameter in includes/module/book/index.inc.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 3.0.0. Other versions may also be affected.

http://secunia.com/advisories/34650/

Mini-stream RM Downloader Playlist Processing Buffer Overflo
by Marianna Schmudlach / April 14, 2009 1:39 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Mini-stream RM Downloader 3.x

Description:
Cyber-Zone has discovered a vulnerability in Mini-stream RM Downloader, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing playlist files. This can be exploited to cause a stack-based buffer overflow via e.g. an M3U file having an overly long entry.

Successful exploitation allows execution of arbitrary code.

The vulnerability is confirmed in version 3.0.0.9. Other versions may also be affected.


http://secunia.com/advisories/34647/

IBM Tivoli Continuous Data Protection for Files "reason" Cro
by Marianna Schmudlach / April 14, 2009 1:40 AM PDT

Release Date: 2009-04-14

Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched

Software: IBM Tivoli Continuous Data Protection for Files 3.x

Description:
Abdul-Aziz Hariri has reported a vulnerability in IBM Tivoli Continuous Data Protection for Files, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "reason" parameter in login/FilepathLogin.html is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in the user's browser session in context of an affected site.

The vulnerability is reported in version 3.1.4.0. Other versions may also be affected.

http://secunia.com/advisories/34646/

IBM BladeCenter Advanced Management Module Multiple Vulnerab
by Marianna Schmudlach / April 14, 2009 1:41 AM PDT

Release Date: 2009-04-14

Critical:
Less critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch

Software: IBM BladeCenter Advanced Management Module Firmware 1.x

Description:
Some vulnerabilities and a security issue have been reported in IBM BladeCenter Advanced Management Module, which can be exploited by malicious users to bypass certain security restrictions and disclose potentially sensitive information, and by malicious people to conduct cross-site scripting, script insertion, and cross-site request forgery attacks.

http://secunia.com/advisories/34626/

TeX Live bibtex Buffer Overflow Vulnerability
by Marianna Schmudlach / April 14, 2009 1:42 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: TeX Live


Description:
A vulnerability has been reported in TeX Live bibtex, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing certain BIB files. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into processing a specially crafted BIB file using bibtex.

The vulnerability is reported in version 20080816. Other versions may also be affected.

http://secunia.com/advisories/34445/

Mac OS X Multiple Vulnerabilities
by Marianna Schmudlach / April 14, 2009 5:19 AM PDT

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Privilege escalation
DoS
System access
Where: From local network
Solution Status: Unpatched

OS: Apple Macintosh OS X


Description:
Some vulnerabilities have been reported in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to gain escalated privileges, and potentially by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

http://secunia.com/advisories/34424/

Microsoft ISA Server / Forefront Threat Management Gateway T
by Marianna Schmudlach / April 14, 2009 7:18 AM PDT

Microsoft ISA Server / Forefront Threat Management Gateway Two Vulnerabilities

Release Date: 2009-04-14

Critical:
Moderately critical
Impact: Cross Site Scripting
DoS
Where: From remote
Solution Status: Vendor Patch

Software: Microsoft Forefront Threat Management Gateway Medium Business Edition
Microsoft ISA Server 2004
Microsoft ISA Server 2006

http://secunia.com/advisories/34687/

Microsoft Internet Explorer Multiple Vulnerabilities
by Marianna Schmudlach / April 14, 2009 7:19 AM PDT

Release Date: 2009-04-14

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x

Description:
Some vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

http://secunia.com/advisories/34678/

Microsoft Windows HTTP Services Multiple Vulnerabilities
by Marianna Schmudlach / April 14, 2009 7:20 AM PDT

Release Date: 2009-04-14

Critical:
Highly critical
Impact: Spoofing
System access
Where: From remote
Solution Status: Vendor Patch

OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Description:
Some vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to conduct spoofing attacks or compromise a user's system.

http://secunia.com/advisories/34677/

Microsoft DirectShow MJPEG Decompression Vulnerability
by Marianna Schmudlach / April 14, 2009 7:21 AM PDT

Release Date: 2009-04-14

Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Software: Microsoft DirectX 8.x
Microsoft DirectX 9.x

Description:
A vulnerability has been reported in Microsoft DirectX, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an error when decompressing MJPEG content and can be exploited via a specially crafted MJPEG file.

Successful exploitation may allow execution of arbitrary code.

http://secunia.com/advisories/34665/

EMC RepliStor Buffer Overflow Vulnerability (ctrlservice.exe
by Marianna Schmudlach / April 14, 2009 7:23 AM PDT
Ghostscript jbig2dec JBIG2 Processing Buffer Overflow
by Marianna Schmudlach / April 14, 2009 7:23 AM PDT

Summary
"Ghostscript is an interpreter for the PostScript (TM) language, with the ability to convert PostScript language files to many raster formats, view them on displays, and print them on printers that don't have PostScript language capability built in; An interpreter for Portable Document Format (PDF) files, with the same abilities; ..." Secunia Research has discovered a vulnerability in Ghostscript, which can be exploited by malicious people to potentially compromise a user's system.

Credit:
The information has been provided by Secunia Research.
The original article can be found at: http://secunia.com/secunia_research/2009-21/

http://www.securiteam.com/unixfocus/5AP0B0UQUG.html

Apache Tomcat mod_jk Information Disclosure Vulnerability
by Marianna Schmudlach / April 14, 2009 7:24 AM PDT

Summary
Situations where faulty clients set Content-Length without providing data, or where a user submits repeated requests very quickly may permit one user to view the Apache Tomcat mod_jk response associated with a different user's request.

Credit:
The information has been provided by Mark Thomas.

http://www.securiteam.com/unixfocus/5DP0E0UQUW.html

xine-lib Quicktime STTS Atom Integer Overflow
by Marianna Schmudlach / April 14, 2009 7:25 AM PDT
IBM BladeCenter Advanced Management Module Multiple vulnerab
by Marianna Schmudlach / April 14, 2009 7:26 AM PDT

Summary
"In today's high-demand enterprise environment, organizations need a reliable infrastructure to run compute-intensive applications with minimal maintenance and downtime. IBM BladeCenter H is a powerful platform built with the enterprise customer in mind, providing industry-leading performance, innovative architecture and a solid foundation for virtualization."

"Provides easy integration to promote innovation and help manage growth, complexity and risk"

During a quick overview of BladeCenter AMM web access, it was discovered that the web administration interface has multiple vulnerabilities regarding input and request validation.

Credit:
The information has been provided by Henri Lindberg.
The original article can be found at: http://www.louhinetworks.fi/advisory/ibm_090409.txt

http://www.securiteam.com/securitynews/5BP0C0UQUO.html

Microsoft fills Excel, Windows, Word holes
by Marianna Schmudlach / April 14, 2009 7:28 AM PDT

Updated 12:30 p.m. PDT with ZoneAlarm discount offer and 11:50 a.m. PDT with comment from security vendors.

Microsoft on Tuesday closed security holes in Excel, Windows, and Word that had been exploited in the wild as well as other holes for which exploit code or details exist, all as part of its monthly patch update cycle.

The critical Excel hole could allow an attacker to take complete control of an unpatched system if a user opens a specially crafted Excel file. Security firm Symantec said in February that it had discovered malicious files in the wild in Japan that attempt to exploit the Excel Unspecified Remote Code Execution Vulnerability.

The patch affects Microsoft Office 2002, 2003, and 2007, as well as Microsoft Office 2004 and 2008 for the Mac, according to the Microsoft bulletin.

Microsoft also released a patch for a critical vulnerability in WordPad and Office that could allow remote code execution if a specially crafted file is opened in WordPad or Microsoft Word. This vulnerability is currently being exploited on the Internet, Microsoft said. It affects Windows 2000, Windows XP, Windows XP Professional, Windows Server 2003, Microsoft Office Word 2000 and Word 2002.

More: http://news.cnet.com/8301-1009_3-10219179-83.html?part=rss&subj=news&tag=2547-1009_3-0-20
