Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 27, 2007

IPortalX Multiple Cross-Site Scripting Vulnerabilities

Secunia Advisory: SA28252
Release Date: 2007-12-27


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: iPortalX

Description:
Doz has reported some vulnerabilities in IPortalX, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the forum/login_user.asp and blogs.asp files is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Doz, Hackers Center Security Group

Original Advisory:
http://www.iportalx.net/forum/forum_posts.asp?TID=3465&PN=1

Mambo Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - December 27, 2007

Secunia Advisory: SA28251
Release Date: 2007-12-27


Critical: Highly critical
Impact: Unknown
Cross Site Scripting
System access

Where: From remote

Solution Status: Vendor Patch


Software: Mambo 4.x

Description:
Some vulnerabilities have been reported in Mambo, one with an unknown impact and others, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system.

1) A vulnerability is caused due to the use of a vulnerable copy of PHPMailer.

For more information:
SA25626

2) Input passed to unknown parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation of this vulnerability requires that the target user has valid administrator credentials.

3) A vulnerability is caused due to unknown errors in the template chooser functionality. No further information is currently available.

The vulnerabilities are reported in version 4.6.2. Prior versions may also be affected.

Solution:
Update to version 4.6.3.

Provided and/or discovered by:
1) Originally reported in PHPMailer by Thor Larholm.
2, 3) Reported by the vendor.

Original Advisory:
http://source.mambo-foundation.org/content/view/134/1/

XZero Community Classifieds "subcatid" SQL Injection

In reply to: VULNERABILITIES \ FIXES - December 27, 2007

Secunia Advisory: SA28250
Release Date: 2007-12-27


Critical: Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: XZero Community Classifieds 4.x

Description:
Kw3rLn has reported a vulnerability in XZero Community Classifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "subcatid" parameter in index.php (when "view" is set to "post") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in versions 4.95.11 and 4.96. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Kw3rLn

Original Advisory:
http://milw0rm.com/exploits/4794

Bitflu StorageFarabDb Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 27, 2007

Secunia Advisory: SA28238
Release Date: 2007-12-27


Critical: Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Bitflu 0.x

Description:
A vulnerability has been reported in Bitflu, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to the improper handling of ".torrent" files within the StorageFarabDb module. This can be exploited to create new files or to append data to existing files outside the working directory.

The vulnerability is reported in versions prior to 0.42.

Solution:
Update to version 0.42.
http://bitflu.workaround.ch/dload.html

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://bitflu.workaround.ch/ChangeLog.txt
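
The advisory above does not say which part of the ".torrent" data was mishandled. As an added example (not Bitflu's code and not part of the original post), this sketch shows the containment check a client can apply before creating or appending to any file named in torrent metainfo. It assumes the standard metainfo layout (`info.name`, `info.files[].path`) already decoded into Python dicts; `safe_target` and `plan_files` are hypothetical names.

```python
import os

class UnsafeTorrentPath(ValueError):
    """Raised when a metainfo path would land outside the working directory."""

def safe_target(workdir, components):
    """Map one file entry's path components to a location under workdir.

    components: path elements from a metainfo 'files' entry (or [name] for
    a single-file torrent), already decoded to str.
    """
    if not components:
        raise UnsafeTorrentPath("empty path")
    for part in components:
        # Accept only plain file or directory names.
        if part in ("", ".", "..") or "\x00" in part:
            raise UnsafeTorrentPath(f"bad component: {part!r}")
        if "/" in part or "\\" in part or os.path.isabs(part):
            raise UnsafeTorrentPath(f"separator in component: {part!r}")
    root = os.path.realpath(workdir)
    target = os.path.realpath(os.path.join(root, *components))
    # realpath resolves symlinks already present under workdir, so a link
    # pointing elsewhere fails the containment check too.
    if os.path.commonpath([root, target]) != root:
        raise UnsafeTorrentPath(f"escapes working directory: {target}")
    return target

def plan_files(workdir, metainfo):
    """Return validated target paths for every file in a metainfo dict."""
    info = metainfo["info"]
    if "files" in info:
        entries = [[info["name"], *f["path"]] for f in info["files"]]
    else:
        entries = [[info["name"]]]
    return [safe_target(workdir, e) for e in entries]

# Constructed sample metainfo dicts (not taken from any real torrent).
GOOD = {"info": {"name": "album", "files": [
    {"length": 10, "path": ["cd1", "track01.ogg"]},
    {"length": 20, "path": ["cover.png"]}]}}
BAD = {"info": {"name": "album", "files": [
    {"length": 10, "path": ["..", "..", ".profile"]}]}}
```

Validation runs for the whole torrent before any file is opened, so a single bad entry rejects the download instead of leaving partial writes behind.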

Debian update for cupsys

In reply to: VULNERABILITIES \ FIXES - December 27, 2007

Secunia Advisory: SA28200
Release Date: 2007-12-27


Critical: Moderately critical
Impact: Privilege escalation
DoS
System access

Where: From local network

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for cupsys. This fixes a security issue and a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

For more information:
SA28129
SA28139

Solution:
Apply updated packages.

Original Advisory:
http://www.us.debian.org/security/2007/dsa-1437

Other References:
SA28129:
http://secunia.com/advisories/28129/

SA28139:
http://secunia.com/advisories/28139/

Mantis "Upload File" Script Insertion Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 27, 2007

Secunia Advisory: SA28185
Release Date: 2007-12-27


Critical: Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Mantis 1.x

Description:
seiji has discovered a vulnerability in Mantis, which can be exploited by malicious users to conduct script insertion attacks.

Input passed as the filename for the uploaded file in bug_report.php is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious filename is viewed in view.php.

Successful exploitation requires valid user credentials.

The vulnerability is confirmed in version 1.0.8. Other versions may also be affected.

Solution:
Update to version 1.1.0.

Provided and/or discovered by:
seiji

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=562940
http://www.mantisbt.org/bugs/view.php?id=8679

More critical security vulnerabilities in VLC media player

In reply to: VULNERABILITIES \ FIXES - December 27, 2007

Two critical security holes have been discovered in the VLC media player, which is available for many operating systems including Linux, Mac OS, and Windows. One of them has been known since this summer and can be exploited when data are played back by the VLC. The second hole allows attackers to get control of affected systems via the VLC.

The first vulnerability is a buffer overflow that occurs in the handling of subtitles. The program's developers were made aware of the problem at the end of June and corrected it shortly afterwards in the source code developer system. But it turns out that, although the remedied development line is included in newer versions, it did not make it into the 0.8.6 development code. This is the development code that all of the versions released in the past few months are based on. As a result, security update 0.8.6d, released at the beginning of the month, does not contain this correction.

More: http://www.heise-security.co.uk/news/101081
