Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 15, 2008

by Marianna Schmudlach / December 14, 2008 10:21 PM PST

HomeBuilder Multiple SQL Injection Vulnerabilities

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: HomeBuilder

Description:
AlpHaNiX has reported some vulnerabilities in HomeBuilder, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "iType" parameter in type.asp and type2.asp, and to the "iPro" parameter in detail.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in versions 1.0 and 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
AlpHaNiX

Original Advisory:
http://milw0rm.com/exploits/7462

Fedora update for roundcubemail
by Marianna Schmudlach / December 14, 2008 10:22 PM PST

Release Date: 2008-12-15

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for roundcubemail. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages using the yum utility ("yum update roundcubemail").

Original Advisory:
FEDORA-2008-11220:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00783.html

FEDORA-2008-11234:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00802.html

Other References:
SA33169:
http://secunia.com/advisories/33169/

RoundCube Webmail "bin/html2text.php" PHP Code Execution
by Marianna Schmudlach / December 14, 2008 10:23 PM PST

Release Date: 2008-12-15

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Vendor Workaround


Software: RoundCube Webmail 0.x

Description:
A vulnerability has been discovered in RoundCube Webmail, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the use of the vulnerable "chuggnutt.com HTML to Plain Text Conversion PHP class", which can be exploited by sending specially crafted POST data to the bin/html2text.php script.

Solution:
Fixed in the SVN repository.
http://trac.roundcube.net/changeset/2148

Provided and/or discovered by:
Reported in a bug by RealMurphy.
http://trac.roundcube.net/ticket/1485618

Original Advisory:
http://trac.roundcube.net/ticket/1485618

Other References:
SA33145:
http://secunia.com/advisories/33145/

RealtyListings Multiple SQL Injection Vulnerabilities
by Marianna Schmudlach / December 14, 2008 10:24 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: RealtyListings

Description:
AlpHaNiX has reported some vulnerabilities in RealtyListings, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "iType" parameter in type.asp and to the "iPro" parameter in detail.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities are reported in versions 1.0 and 2.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
AlpHaNiX

Original Advisory:
http://milw0rm.com/exploits/7464

Sun Solaris "libICE" Denial of Service Vulnerability
by Marianna Schmudlach / December 14, 2008 10:25 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: DoS

Where: From local network
Solution Status: Vendor Patch


OS: Sun Solaris 10
Sun Solaris 8
Sun Solaris 9

Description:
Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the X Inter Client Exchange library (libICE) and can be exploited to cause a crash.

Solution:
Apply patches.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sunsolve.sun.com/search/document.do?assetkey=1-66-243566-1

Avahi Multicast DNS Processing Denial of Service Vulnerabili
by Marianna Schmudlach / December 14, 2008 10:26 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: DoS

Where: From local network
Solution Status: Vendor Patch


Software: Avahi 0.x

Description:
A vulnerability has been reported in Avahi, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when processing multicast DNS (mDNS) data and can be exploited to terminate the application via a UDP packet having a source port equal to zero.

The vulnerability is reported in versions prior to 0.6.24.

Solution:
Update to version 0.6.24.

Provided and/or discovered by:
The vendor credits Hugo Dias.

Original Advisory:
Avahi:
http://avahi.org/milestone/Avahi%200.6.24
http://git.0pointer.de/?p=avahi.git;a...3047f1aa36bed8a37fa79004bf0ee287929f4

ASP-DEv XM Events Diary "cat" SQL Injection Vulnerabilities
by Marianna Schmudlach / December 14, 2008 10:27 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: XM Events Diary

Description:
Some vulnerabilities have been discovered in ASP-DEv XM Events Diary, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "cat" parameter in default.asp and diary_viewC.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Pouya_Server and an anonymous person.

Gentoo update for dovecot
by Marianna Schmudlach / December 14, 2008 10:29 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Security Bypass
DoS

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for dovecot. This fixes two security issues and a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and malicious people to cause a DoS (Denial of Service).

Solution:
Update to "net-mail/dovecot-1.1.7-r1" or later.

Original Advisory:
GLSA-200812-16:
http://www.gentoo.org/security/en/glsa/glsa-200812-16.xml

Other References:
SA32164:
http://secunia.com/advisories/32164/

SA32479:
http://secunia.com/advisories/32479/

Fedora update for drupal
by Marianna Schmudlach / December 14, 2008 10:30 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for drupal. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site request forgery and cross-site scripting attacks.

Solution:
Apply updated packages via the yum utility ("yum update drupal").

Original Advisory:
FEDORA-2008-11196:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00740.html

FEDORA-2008-11213:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00767.html

Other References:
SA33112:
http://secunia.com/advisories/33112/

Fedora update for phpMyAdmin
by Marianna Schmudlach / December 14, 2008 10:42 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for phpMyAdmin. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site request forgery attacks.

Solution:
Apply updated packages via the yum utility ("yum update phpMyAdmin").

Original Advisory:
FEDORA-2008-11221:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00784.html

FEDORA-2008-11208:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00757.html

Other References:
SA33076:
http://secunia.com/advisories/33076/

chuggnutt.com "HTML to Plain Text Conversion" PHP Class Code
by Marianna Schmudlach / December 14, 2008 10:43 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: chuggnutt.com "HTML to Plain Text Conversion" PHP Class 1.x

Description:
A vulnerability has been discovered in the chuggnutt.com "HTML to Plain Text Conversion" PHP class, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the class using insecure regular expressions to filter HTML input. This can be exploited to inject and execute arbitrary PHP code by e.g. passing specially crafted data to an application using this class.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that secure regular expressions are used.

Provided and/or discovered by:
Reported in a RoundCube Webmail bug by RealMurphy.

Original Advisory:
http://trac.roundcube.net/ticket/1485618

Fedora update for gallery2
by Marianna Schmudlach / December 14, 2008 10:44 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: Cross Site Scripting
Exposure of system information
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


OS: Fedora 8
Fedora 9

Description:
Fedora has issued an update for gallery2. This fixes some vulnerabilities, which can be exploited by malicious users to disclose sensitive information and conduct script insertion attacks.

Original Advisory:
FEDORA-2008-11230:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00794.html

FEDORA-2008-11258:
https://www.redhat.com/archives/fedor...-announce/2008-December/msg00832.html

Other References:
SA31858:
http://secunia.com/advisories/31858/

SA31912:
http://secunia.com/advisories/31912/

IBM Tivoli Provisioning Manager SOAP Authentication Security
by Marianna Schmudlach / December 14, 2008 10:45 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: Security Bypass

Where: From local network
Solution Status: Vendor Workaround


Software: IBM Tivoli Provisioning Manager 5.x

Description:
A security issue has been reported in IBM Tivoli Provisioning Manager, which potentially can be exploited by malicious users to bypass certain security restrictions.

The security issue is caused due to an error in the SOAP authentication mechanism. This can potentially be exploited by an LDAP user to run SOAP commands when LDAP is used for authentication and is shared with other applications.

The security issue is reported in versions 5.1.0.2, 5.1.1, and 5.1.1.1.

Solution:
Update to version 5.1.1.1 and apply Interim Fix IF0006.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www-01.ibm.com/support/docview.wss?uid=swg21330228

Debian update for uw-imap
by Marianna Schmudlach / December 14, 2008 10:46 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Privilege escalation
System access

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for uw-imap. This fixes some vulnerabilities, which can be exploited by malicious, local users to potentially gain escalated privileges, and by malicious people to potentially compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.debian.org/security/2008/dsa-1685

Other References:
SA32483:
http://secunia.com/advisories/32483/

Gentoo update for honeyd
by Marianna Schmudlach / December 14, 2008 10:47 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for honeyd. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

Solution:
Update to "net-analyzer/honeyd-1.5c-r1" or later.

Original Advisory:
GLSA-200812-12:
http://www.gentoo.org/security/en/glsa/glsa-200812-12.xml

Other References:
SA31658:
http://secunia.com/advisories/31658/

Gentoo update for openoffice and openoffice-bin
by Marianna Schmudlach / December 14, 2008 10:48 PM PST

Release Date: 2008-12-15

Critical:
Highly critical
Impact: Privilege escalation
System access

Where: From remote
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for openoffice and openoffice-bin. This fixes some vulnerabilities and a security issue, which potentially can be exploited by malicious people to compromise a user's system, and by malicious, local users to perform certain actions with escalated privileges.

Solution:
Update to version "app-office/openoffice-bin-3.0.0" or later.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200812-13.xml

Other References:
SA32419:
http://secunia.com/advisories/32419/

Gentoo update for aview
by Marianna Schmudlach / December 14, 2008 10:49 PM PST

Release Date: 2008-12-15

Critical:
Not critical
Impact: Privilege escalation

Where: Local system
Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for aview. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

The security issue is caused due to the application using temporary files in an insecure manner. This can be exploited to e.g. overwrite arbitrary files via symlink attacks.

Solution:
Update to "media-gfx/aview-1.3.0_rc1-r1" or later.

Original Advisory:
GLSA-200812-14:
http://www.gentoo.org/security/en/glsa/glsa-200812-14.xml

Debian update for no-ip
by Marianna Schmudlach / December 14, 2008 10:51 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for no-ip. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

Solution:
Apply updated packages.

Original Advisory:
http://www.debian.org/security/2008/dsa-1686

Other References:
SA32761:
http://secunia.com/advisories/32761/

MPlayer TwinVQ Processing Buffer Overflow Vulnerability
by Marianna Schmudlach / December 14, 2008 10:52 PM PST

Release Date: 2008-12-15

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Vendor Workaround


Software: MPlayer 1.x

Description:
Tobias Klein has reported a vulnerability in MPlayer, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "demux_open_vqf()" function in libmpdemux/demux_vqf.c. This can be exploited to cause a stack-based buffer overflow via a specially crafted TwinVQ file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 1.0rc2. Other versions may also be affected.

Solution:
Fixed in the SVN repository.
http://svn.mplayerhq.hu/mplayer/branc...=24723&r2=28150&pathrev=28150

Provided and/or discovered by:
Tobias Klein

Original Advisory:
http://trapkit.de/advisories/TKADV2008-014.txt

ASPired2Blog SQL Injection and Database Disclosure
by Marianna Schmudlach / December 14, 2008 10:53 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Manipulation of data
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: ASPired2Blog

Description:
Pouya_Server has reported a vulnerability and a security issue in ASPired2Blog, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information.

Solution:
Edit the source code to ensure that input is properly sanitised.
Move the database file out of the web root.

Provided and/or discovered by:
Pouya_Server

Original Advisory:
http://milw0rm.com/exploits/7436

Joomla Live Chat Component "last" SQL Injection Vulnerabilit
by Marianna Schmudlach / December 14, 2008 10:54 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: Live Chat 1.x (component for Joomla)

Description:
Some vulnerabilities have been discovered in the Live Chat component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "last" parameter in getChat.php, getChatRoom.php, and getSavedChatRooms.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 1.0 (Free Edition). Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
jdc and an anonymous person

Original Advisory:
http://milw0rm.com/exploits/7441

FlexPHPNews "checkuser" and "checkpass" SQL Injection
by Marianna Schmudlach / December 14, 2008 10:55 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: FlexPHPNews 0.x

Description:
Osirys has discovered some vulnerabilities in FlexPHPNews, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "checkuser" and "checkpass" parameters in admin/index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

These vulnerabilities can be exploited to bypass the authentication mechanism.

These vulnerabilities are confirmed in version 0.0.6. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Osirys

Original Advisory:
http://milw0rm.com/exploits/7443

Fujitsu Interstage HTTP Server Cross-Site Scripting Vulnerab
by Marianna Schmudlach / December 14, 2008 10:56 PM PST

Release Date: 2008-12-15

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: Interstage Application Server 5.x
Interstage Application Server 6.x
Interstage Application Server 7.x
Interstage Application Server 8.x
Interstage Application Server 9.x
Interstage Apworks 6.x
Interstage Apworks 7.x
Interstage Business Application Server 8.x
Interstage Job Workload Server 8.x
Interstage Studio 8.x
Interstage Studio 9.x

Description:
Fujitsu has acknowledged some vulnerabilities in Interstage HTTP Server, which can be exploited by malicious people to conduct cross-site scripting attacks.

Solution:
The vendor recommends editing the configuration as a workaround (please see the vendor's advisory for details).

Original Advisory:
http://www.fujitsu.com/global/support...ty/products-f/interstage-200807e.html

Other References:
SA27906:
http://secunia.com/advisories/27906/

ASP-DEv Internal E-Mail System "login" and "password" SQL In
by Marianna Schmudlach / December 14, 2008 10:57 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From local network
Solution Status: Unpatched


Software: Internal E-Mail System

Description:
Pouya_Server has discovered some vulnerabilities in ASP-DEv Internal E-Mail System, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "login" and "password" parameters in login.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows bypassing the authentication mechanism.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Pouya_Server

Original Advisory:
http://milw0rm.com/exploits/7447

CodeAvalanche FreeForum "CAForum.mdb" Database Disclosure
by Marianna Schmudlach / December 14, 2008 10:58 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: CodeAvalanche FreeForum

Description:
Ghost Hacker has discovered a security issue in CodeAvalanche FreeForum, which can be exploited by malicious people to disclose sensitive information.

A security issue is caused due to the "CAForum.mdb" database being stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information (e.g. the administrator password) by downloading the file.

Solution:
Move the database file out of the web root.

Provided and/or discovered by:
Ghost Hacker

Original Advisory:
http://milw0rm.com/exploits/7450

Red Hat update for enscript
by Marianna Schmudlach / December 14, 2008 11:00 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: System access

Where: From remote
Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)

Description:
Red Hat has issued an update for enscript. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
RHSA-2008-1016:
https://rhn.redhat.com/errata/RHSA-2008-1016.html

Other References:
SA32137:
http://secunia.com/advisories/32137/

Red Hat update for pidgin
by Marianna Schmudlach / December 14, 2008 11:01 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Spoofing
DoS
System access

Where: From remote
Solution Status: Vendor Patch


OS: Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux Desktop Workstation (v. 5 client)
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux WS 4



Software: RHEL Optional Productivity Applications (v. 5 server)

Description:
Red Hat has issued an update for pidgin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks, to cause a DoS (Denial of Service), and potentially to compromise a user's system.

Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-1023.html

Other References:
SA30881:
http://secunia.com/advisories/30881/

SA31390:
http://secunia.com/advisories/31390/

Red Hat update for cups
by Marianna Schmudlach / December 14, 2008 11:02 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: System access

Where: From local network
Solution Status: Vendor Patch


OS: RedHat Enterprise Linux AS 3
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux WS 3

Description:
Red Hat has issued an update for cups. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an integer overflow error in the processing of PNG files.

Solution:
Updated packages are available via Red Hat Network.
https://rhn.redhat.com/

Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-1028.html

Other References:
SA29809:
http://secunia.com/advisories/29809/

HTMPL "help" Command Injection Vulnerability
by Marianna Schmudlach / December 14, 2008 11:03 PM PST

Release Date: 2008-12-15

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: HTMPL 1.x

Description:
ZeN has discovered a vulnerability in HTMPL, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "help" parameter in htmpl_admin.cgi is not properly sanitised before being used. This can be exploited to e.g. inject and execute arbitrary shell commands.

The vulnerability is confirmed in version 1.11. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
ZeN

Original Advisory:
http://milw0rm.com/exploits/7404

PHP Weather Multiple Vulnerabilities
by Marianna Schmudlach / December 14, 2008 11:04 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of system information
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: PHP Weather 2.x

Description:
ahmadbady has discovered some vulnerabilities in PHP Weather, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

Solution:
Edit the source code to ensure that input is properly verified and sanitised.

Provided and/or discovered by:
ahmadbady

Original Advisory:
http://milw0rm.com/exploits/7451

CMS ISWEB SQL Injection and Cross-Site Scripting
by Marianna Schmudlach / December 14, 2008 11:06 PM PST

Release Date: 2008-12-15

Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: CMS ISWEB

Description:
XaDoS has reported some vulnerabilities in CMS ISWEB, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
XaDoS

Original Advisory:
http://milw0rm.com/exploits/7465
