Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - December 29, 2008

Google Calendar Phishing returns

29 December 2008

In his blog, Graham Cluley of Sophos alerts his readers to the return of Google Calendar phishing attacks. Originally spotted in the summer, Google Calendar phishing uses event invitations to Calendar users asking them to "Verify Your Account" or face account deletion. Victims of this phish are asked to accept the invitation and confirm their user name, password and date of birth, in their acceptance.

More: http://www.heise-online.co.uk/security/Google-Calendar-Phishing-returns--/news/112318

Joomla PaxGallery Component "gid" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: PaxGallery 0.x (component for Joomla)

Description:
XaDoS has reported a vulnerability in the PaxGallery component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "gid" parameter in index.php (when "option" is set to "com_paxgallery") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

This vulnerability is reported in version 0.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
XaDoS

Original Advisory:
http://www.milw0rm.com/exploits/7587

DeluxeBB "delete*" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Less critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: DeluxeBB 1.x

Description:
StAkeR has discovered a vulnerability in DeluxeBB, which can be exploited by malicious users to conduct SQL injection attacks.

Input passed to the "delete*" parameter in pm.php (when "*" is set to a valid message identifier) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.

This vulnerability is confirmed in version 1.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
StAkeR

Original Advisory:
http://www.milw0rm.com/exploits/7593

MWP Blog System "id" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: MWP Blog System 1.x (Infusion for PHP-Fusion)

Description:
A vulnerability has been discovered in MWP Blog System for PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in blog.php (if "page" is set to "blog_id") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation may require that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 1.51. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Sina Yazdanmehr

Original Advisory:
http://www.milw0rm.com/exploits/7598

ForumApp Database Disclosure

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: ForumApp 3.x

Description:
Cyber.Zer0 has discovered a security issue in ForumApp, which can be exploited by malicious people to disclose sensitive information.

The "data/8690.mdb" and "data/8690BAK.mdb" database files are stored with insecure permissions inside the web root. This can be exploited to gain knowledge of sensitive information by downloading the file.

This security issue is confirmed in version 3.3. Other versions may also be affected.

Solution:
Move the database file out of the web root.

Provided and/or discovered by:
Cyber.Zer0

Original Advisory:
http://www.milw0rm.com/exploits/7599

FlexPHPLink Pro File Upload Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: FlexPHPLink Pro 0.x

Description:
Osirys has discovered a vulnerability in FlexPHPLink Pro, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the "submitlink.php" script failing to validate the types of uploaded images. This can be exploited to upload files with arbitrary extensions (e.g. php) and execute arbitrary PHP code on the server.

This vulnerability is confirmed in version 0.0.7. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
Osirys

Original Advisory:
http://www.milw0rm.com/exploits/7600
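
One way to do the type validation the FlexPHPLink Pro advisory above says is missing, as an added example that is not part of the advisory or of the product's code. The accepted types, the size limit and the function name are assumptions.

```php
<?php
// Added example, not FlexPHPLink code. Type list, size limit and function
// name are assumptions for illustration.
const IMAGE_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif'];
const MAX_BYTES = 2097152; // 2 MiB, assumed limit

/**
 * Inspect an uploaded temp file and return a server-chosen file name,
 * or null if it is not an accepted image. The client-supplied file name
 * and Content-Type are never consulted.
 */
function safe_image_name(string $tmpPath): ?string
{
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > MAX_BYTES) {
        return null;
    }
    // Detect the type from the file's own bytes.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, IMAGE_TYPES)) {
        return null;
    }
    // Second check: the header must also parse as an image.
    if (@getimagesize($tmpPath) === false) {
        return null;
    }
    // Random base name plus an extension derived from the detected type,
    // so a ".php" suffix in the request can never reach the disk.
    return bin2hex(random_bytes(16)) . '.' . IMAGE_TYPES[$mime];
}

// Constructed samples: a minimal GIF header and a script posing as an image.
$samples = [
    'logo.gif'   => "GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    'upload.php' => '<?php /* constructed, inert */',
];
foreach ($samples as $clientName => $bytes) {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    echo $clientName, ' => ', safe_image_name($tmp) ?? 'REJECTED', "\n";
    unlink($tmp);
}
```

Content checks alone can be satisfied by a file that begins with valid image bytes, so the server-chosen extension and a storage directory where script execution is disabled are what actually prevent code execution. In a real handler the path would come from the upload's temporary file and be moved with move_uploaded_file().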

webClassifieds SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote
Solution Status: Unpatched


Software: webClassifieds 1.x

Description:
AnGeL25dZ has reported a vulnerability in webClassifieds, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "password" parameter in index.php (when "page" is set to "sign_in") is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
AnGeL25dZ

Original Advisory:
http://www.milw0rm.com/exploits/7602
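
A sign-in check in which the "password" value never becomes part of the SQL text, which is the fix the webClassifieds advisory above calls for. This is an added example, not part of the advisory or of the product's code; the table, column names and account are constructed.

```php
<?php
// Added example, not webClassifieds code. Schema and account are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Return true only if $name exists and $password matches its stored hash.
 */
function sign_in(PDO $db, $name, $password): bool
{
    // Reject arrays and other non-string request values up front.
    if (!is_string($name) || !is_string($password)) {
        return false;
    }
    // The user name is sent as a bound parameter, never concatenated.
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn();   // false when no such user

    // The password is compared in PHP against the hash; it never reaches
    // the query, so SQL metacharacters in it have no effect.
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed attempts: one valid, one wrong, two carrying SQL syntax.
$attempts = [
    ['alice', 'correct horse'],
    ['alice', 'wrong'],
    ['alice', "x' OR '1'='1"],
    ["alice' --", 'anything'],
];
foreach ($attempts as [$name, $password]) {
    printf("%-12s %-16s => %s\n", $name, $password,
        sign_in($db, $name, $password) ? 'accepted' : 'rejected');
}
```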

eDNews "lg" File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote
Solution Status: Unpatched


Software: eDNews 2.x

Description:
GoLd_M has discovered a vulnerability in eDNews, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "lg" parameter in myConfig.php is not properly verified before it is being used to include files e.g. via eDNews_archive.php. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Successful exploitation with arbitrary file extensions requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
GoLd_M

Original Advisory:
http://www.milw0rm.com/exploits/7603

eDContainer "lg" File Inclusion Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Exposure of sensitive information
Exposure of system information

Where: From remote
Solution Status: Unpatched


Software: eDContainer 2.x

Description:
GoLd_M has reported a vulnerability in eDContainer, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "lg" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal attacks.

Successful exploitation with arbitrary file extensions requires that "magic_quotes_gpc" is disabled.

The vulnerability is confirmed in version 2.22. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
GoLd_M

Original Advisory:
http://www.milw0rm.com/exploits/7604
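
An allowlist check for the "lg" parameter described in the eDNews and eDContainer advisories above, as an added example that is not part of the advisories or of either product's code; the directory, language codes and function name are assumptions. The NUL-byte sample is the "arbitrary file extensions" case, which magic_quotes_gpc blocked only incidentally by escaping NUL.

```php
<?php
// Added example, not eDNews/eDContainer code. LANG_DIR, the language codes
// and the function name are assumptions for illustration.
const LANG_DIR = __DIR__ . '/lang';
const ALLOWED_LANGS = ['en', 'fr', 'de'];   // hypothetical language packs

/**
 * Map the untrusted "lg" value to a language file, or null if rejected.
 * The value is only joined into a path after an exact allowlist match.
 */
function resolve_language_file($lg): ?string
{
    // Arrays (lg[]=x) and other non-strings are rejected outright.
    if (!is_string($lg)) {
        return null;
    }
    // Exact match rules out "../", absolute paths, NUL bytes and
    // stream wrappers in a single check.
    if (!in_array($lg, ALLOWED_LANGS, true)) {
        return null;
    }
    return LANG_DIR . '/' . $lg . '.php';
}

// Constructed sample inputs: one valid code and three hostile shapes.
$samples = ['en', '../../../../etc/passwd', "../config\0", ['en']];
foreach ($samples as $lg) {
    $file = resolve_language_file($lg);
    printf("%-32s => %s\n", json_encode($lg), $file ?? 'REJECTED, use default language');
}
```

Only a path returned by the function should ever be passed to include; a rejected value falls back to a fixed default rather than being cleaned up and retried.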

Ultimate PHP Board "User-Agent" Script Insertion

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: Ultimate PHP Board (UPB) 2.x



Description:
A vulnerability has been discovered in Ultimate PHP Board, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the HTTP "User-Agent" header is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious data is viewed in the IP Address logs.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Additional information about vulnerable version 2.x provided by athos.

Original Advisory:
http://www.milw0rm.com/exploits/7607

Other References:
SA16144:
http://secunia.com/advisories/16144/

Hex Workshop Color Map Buffer Overflow Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Highly critical
Impact: System access

Where: From remote
Solution Status: Unpatched


Software: Hex Workshop 5.x

Description:
Encrypt3d.M!nd has discovered a vulnerability in Hex Workshop, which potentially can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the processing of color map files. This can be exploited to cause a heap-based buffer overflow by tricking the user into selecting a color map file containing an overly long hex sequence.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 5.1.4.4188. Other versions may also be affected.

Solution:
Do not select untrusted color map (*.cmap) files.

Provided and/or discovered by:
Encrypt3d.M!nd

Original Advisory:
http://www.milw0rm.com/exploits/7592

PHPmotion Cross-Site Request Forgery Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Unpatched


Software: PHPmotion 2.x

Description:
Ausome1 has discovered a vulnerability in PHPmotion, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change a user's password by tricking the user into visiting a malicious web site.

The vulnerability is confirmed in version 2.1. Other versions may also be affected.

Solution:
Do not visit untrusted websites or follow untrusted links while logged on to the application.

Provided and/or discovered by:
Ausome1

Original Advisory:
http://milw0rm.com/exploits/7557

Slackware update for seamonkey

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access

Where: From remote
Solution Status: Vendor Patch


OS: Slackware Linux 11.0

Description:
Slackware has issued an update for seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose sensitive information, conduct cross-site scripting attacks, or potentially compromise a user's system.

Solution:
Apply updated packages.

Slackware 11.0:
ftp://ftp.slackware.com/pub/slackware...seamonkey-1.1.14-i486-1_slack11.0.tgz

Slackware 12.0:
ftp://ftp.slackware.com/pub/slackware...seamonkey-1.1.14-i486-1_slack12.0.tgz

Slackware 12.1:
ftp://ftp.slackware.com/pub/slackware...seamonkey-1.1.14-i486-1_slack12.1.tgz

Slackware 12.2:
ftp://ftp.slackware.com/pub/slackware...seamonkey-1.1.14-i486-1_slack12.2.tgz

Slackware -current:
ftp://ftp.slackware.com/pub/slackware...kware/xap/seamonkey-1.1.14-i486-1.tgz

Original Advisory:
SSA:2008-362-01:
http://www.slackware.org/security/vie...=2008&m=slackware-security.404783

Other References:
SA33204:
http://secunia.com/advisories/33204/

Debian update for php-xajax

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Debian update for phppgadmin

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Cross Site Scripting
Exposure of system information
Exposure of sensitive information

Where: From remote
Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for phppgadmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

Solution:
Apply updated packages.

Original Advisory:
DSA-1693-1:
http://lists.debian.org/debian-security-announce/2008/msg00287.html

Other References:
SA25446:
http://secunia.com/advisories/25446/

SA33014:
http://secunia.com/advisories/33014/

Perl Nopaste "language" Script Insertion Vulnerability

In reply to: VULNERABILITIES \ FIXES - December 29, 2008

Release Date: 2008-12-29

Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote
Solution Status: Vendor Patch


Software: Perl Nopaste 1.x

Description:
A vulnerability has been discovered in Perl Nopaste, which can be exploited by malicious people to conduct script insertion attacks.

Input passed to the "language" parameter in index.pl is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious entry is viewed.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Update to version 1.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://sourceforge.net/project/showno...group_id=237095&release_id=649688
