Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - February 20, 2008

by Marianna Schmudlach / February 20, 2008 12:12 AM PST

BEA JRockit Multiple Vulnerabilities

Secunia Advisory: SA29042
Release Date: 2008-02-20


Critical:
Highly critical
Impact: Security Bypass
Manipulation of data
Exposure of system information
Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: BEA JRockit 1.x

Description:
Some vulnerabilities have been reported in BEA JRockit, which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, or potentially compromise a vulnerable system.

The vulnerabilities affect the following versions of BEA JRockit using Java Web Start or the Java Plug-in for browsers:
* BEA JRockit R24:JRockit 1.4.2_04 R24.3 to 1.4.2_08 R24.5
* BEA JRockit R25:JRockit 1.5.0 R25.0 to 1.5.0_03 R25.2

Solution:
Update to the latest version of BEA JRockit (see vendor advisory for more details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://dev2dev.bea.com/pub/advisory/272

Other References:
SA27009:
http://secunia.com/advisories/27009/

SA27320:
http://secunia.com/advisories/27320/

BEA WebLogic Products Multiple Vulnerabilities
by Marianna Schmudlach / February 20, 2008 12:14 AM PST

Secunia Advisory: SA29041
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: Hijacking
Security Bypass
Cross Site Scripting
Brute force
Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Description:
Some vulnerabilities, security issues, and a weakness have been reported in various BEA WebLogic products, which can be exploited by malicious users to conduct script insertion attacks, and by malicious people to conduct session fixation, cross-site scripting, or brute force attacks, disclose sensitive information, or to bypass certain security restrictions.

1) An error in the processing of requests within the "HttpClusterServlet" and "HttpProxyServlet" proxy servlets, when configured with the "SecureProxy" parameter, can potentially be exploited to gain access to certain administrative resources that are only accessible to an administrator.

More: http://secunia.com/advisories/29041/

BEA Products "name" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / February 20, 2008 12:15 AM PST

Secunia Advisory: SA29040
Release Date: 2008-02-20


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: BEA AquaLogic Interaction 6.x
Plumtree Portal Platform



Description:
Jan Fry and Adrian Pastor have reported a vulnerability in BEA AquaLogic Interaction and BEA Plumtree Foundation, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "name" parameter in portal/server.pt is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in the following versions:
* BEA AquaLogic Interaction 6.1 through Maintenance Pack 1 on all platforms
* BEA Plumtree Foundation 6.0 through Service Pack 1 on all platforms

Solution:
Apply updates.

BEA AquaLogic Interaction 6.1:
Update to BEA AquaLogic Interaction 6.1 MP1.
ftp://anonymous:dev2dev%40bea.com@ftp...1.1.316115-ALUI_XSS_Vulnerability.zip

BEA Plumtree Foundation 6.0:
Update to BEA Plumtree Foundation 6.0 SP1.
ftp://anonymous:dev2dev%40bea.com@ftp...0.1.316111-ALUI_XSS_Vulnerability.zip

Provided and/or discovered by:
Jan Fry and Adrian Pastor, ProCheckUp Ltd

Original Advisory:
BEA:
http://dev2dev.bea.com/pub/advisory/259

ProCheckUp Ltd:
http://www.procheckup.com/Vulnerability_PR06-12.php

IBM Lotus Notes Java Plug-in Sandbox Security Bypass
by Marianna Schmudlach / February 20, 2008 12:17 AM PST

Secunia Advisory: SA29035
Release Date: 2008-02-20


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Workaround


Software: IBM Lotus Notes 6.x
IBM Lotus Notes 7.x

Description:
A vulnerability has been reported in IBM Lotus Notes, which can be exploited by malicious people to compromise a user's system.

Successful exploitation requires that the "Enable Java access from JavaScript" option is enabled.

The vulnerability is reported in versions 6.5.6 and 7.0.

Solution:
Version 7.0.2 reportedly includes the JVM fix.

The vendor recommends disabling "Enable Java access from JavaScript".

Provided and/or discovered by:
Originally discovered by Jouko Pynnonen and reported by David Gloede to also affect IBM Lotus Notes.

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21257249

Other References:
SA13271:
http://secunia.com/advisories/13271/

Schoolwires Academic Portal browse.asp Cross-Site Scripting
by Marianna Schmudlach / February 20, 2008 12:18 AM PST

Secunia Advisory: SA29034
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Schoolwires Academic Portal



Description:
Russ McRee has reported two vulnerabilities in Schoolwires Academic Portal, which can be exploited by malicious people to conduct cross-site scripting or SQL injection attacks.

1) Input passed to the "c" parameter in browse.asp is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed to the "c" parameter in browse.asp is not properly sanitised before being returned to the user in an error message. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Russ McRee, Holistic InfoSec.org

IBM Lotus Notes Java Applet Signature Execution Control List
by Marianna Schmudlach / February 20, 2008 12:19 AM PST

Secunia Advisory: SA29031
Release Date: 2008-02-20


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Workaround


Software: IBM Lotus Notes 6.x
IBM Lotus Notes 7.x
IBM Lotus Notes 8.x



Description:
A security issue has been reported in IBM Lotus Notes, which can be exploited by malicious people to bypass certain security mechanisms.

The problem is that it is possible to bypass the ECL (Execution Control List) mechanism when e.g. a user who receives a mail containing an unsigned Java applet forwards the mail to another user, which causes the unsigned applet to be signed by the original user.

Successful exploitation requires that the recipient of the forwarded mail has the "Enable Java Applets" option enabled, the ECL configured to allow the sender to execute Java, and that the sender is trusted to sign Java applets.

The security issue affects versions 6.0, 6.5, 7.0, and 8.0.

Solution:
The vendor recommends disabling the "Enable Java Applets" option or using a trusted signature for all Java Applets.

Provided and/or discovered by:
The vendor credits David Gloede.

Original Advisory:
http://www-1.ibm.com/support/docview.wss?uid=swg21257250

Hitachi EUR Print Manager Unspecified Denial of Service Vuln
by Marianna Schmudlach / February 20, 2008 12:20 AM PST

Secunia Advisory: SA29030
Release Date: 2008-02-20


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Vendor Patch


Software: Hitachi EUR Print Manager 5.x

Description:
A vulnerability has been reported in Hitachi EUR Print Manager, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error when receiving certain data and can be exploited to e.g. cause the service to terminate.

The vulnerability is reported in versions 05-06 to 05-06-/B and 05-08.

Solution:
Update to version 05-08-/A.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HS08-001:
http://www.hitachi-support.com/security_e/vuls_e/HS08-001_e/index-e.html

Opera Multiple Vulnerabilities
by Marianna Schmudlach / February 20, 2008 12:22 AM PST

Secunia Advisory: SA29029
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: Opera 5.x
Opera 6.x
Opera 7.x
Opera 8.x
Opera 9.x

Description:
Some vulnerabilities have been reported in Opera, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, or to bypass certain security restrictions.

1) A security issue is caused due to a design error when handling input to file form fields, which can potentially be exploited to trick a user into uploading arbitrary files.

2) An error within the handling of custom comments in image properties can be exploited to execute arbitrary script code in the wrong security context when comments of a malicious image are displayed.

3) An error in the handling of attribute values when importing XML into a document can be exploited to bypass filters and conduct cross-site scripting attacks if these values are used as document content.

The vulnerabilities are reported in versions prior to 9.26.

Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.

Solution:
Update to version 9.26.
http://www.opera.com/download/

Provided and/or discovered by:
The vendor credits:
1) Mozilla
2) Max Leonov
3) Arnaud

Original Advisory:
Opera:
http://www.opera.com/support/search/view/877/
http://www.opera.com/support/search/view/879/
http://www.opera.com/support/search/view/880/

Other References:
SA28758:
http://secunia.com/advisories/28758/

Hitachi SEWB3/PLATFORM Unspecified Denial of Service
by Marianna Schmudlach / February 20, 2008 12:23 AM PST

Secunia Advisory: SA29028
Release Date: 2008-02-20


Critical:
Less critical
Impact: DoS

Where: From local network

Solution Status: Partial Fix


Software: Hitachi SEWB3/PLATFORM

Description:
A vulnerability has been reported in Hitachi SEWB3/PLATFORM, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error when processing certain data and can be exploited to crash the SEWB3 messaging service.

The vulnerability is reported in various versions on HP-UX, Solaris, and AIX. Please see the vendor's advisory for more information.

Solution:
Update to version 01-17-/G on HP-UX (11.x).

Restrict network access to the service.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
HS08-002:
http://www.hitachi-support.com/security_e/vuls_e/HS08-002_e/index-e.html

SmarterMail Subject Script Insertion Vulnerability
by Marianna Schmudlach / February 20, 2008 12:24 AM PST

Secunia Advisory: SA29024
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: SmarterMail

Description:
Juan Pablo Lopez Yacubian has discovered a vulnerability in SmarterMail, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the subject of an email is not properly sanitised before being displayed. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when a specially crafted email is viewed.

The vulnerability is confirmed in SmarterMail Free Edition build 4.3.2903. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences in a proxy.

Disable Javascript support in the web browser when accessing the SmarterMail web interface.

Provided and/or discovered by:
Juan Pablo Lopez Yacubian

Jinzora Multiple Vulnerabilities
by Marianna Schmudlach / February 20, 2008 12:26 AM PST

Secunia Advisory: SA29023
Release Date: 2008-02-20


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Unpatched


Software: Jinzora 2.x

Description:
Alexandr Polyakov and Stas Svistunovich have discovered some vulnerabilities in Jinzora, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.

1) Input passed to the "frontend", "set_frontend", "jz_path", "theme", and "set_theme" parameters in index.php, to the "frontend", "theme", and "language" parameters in ajax_request.php, to the "jz_path" parameter in slim.php, to the "frontend", "theme", and "jz_path" parameters in popup.php, and via the URL to index.php and slim.php, is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the playlist name when creating a playlist in popup.php, and via the news text when updating the site news in popup.php, is not properly sanitised before being stored. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

The vulnerabilities are confirmed in version 2.7.5. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
Alexandr Polyakov and Stas Svistunovich, Digital Security Research Group

WoltLab Burning Board "sortOrder" SQL Injection
by Marianna Schmudlach / February 20, 2008 12:28 AM PST

Secunia Advisory: SA29020
Release Date: 2008-02-20


Critical:
Less critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: WoltLab Burning Board 3.x

Description:
NBBN has reported a vulnerability in WoltLab Burning Board, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "sortOrder" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires valid user credentials.

The vulnerability is reported in version 3.0.3 pl 1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
NBBN

Lyris ListManager Security Bypass Vulnerabilities
by Marianna Schmudlach / February 20, 2008 12:29 AM PST

Secunia Advisory: SA29019
Release Date: 2008-02-20


Critical:
Less critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Lyris ListManager 8.x
Lyris ListManager 9.x


Description:
Tyler Shields has reported some vulnerabilities in Lyris ListManager, which can be exploited by malicious users to bypass certain security restrictions.

1) Two vulnerabilities are caused due to the unspecified use of client-side code to validate input. This can be exploited to gain administrative list privileges or to gain access to other mailing lists.

2) An unspecified error in the administrative interface can be exploited to create accounts that can overwrite data associated with preexisting accounts.

The vulnerabilities are reported in versions 8.95, 8.95a, 8.95b, 8.95c, 9.2, 9.2a, 9.2b, 9.3, and 9.3a. Prior versions may also be affected.

Solution:
Update to version 8.95d, 9.2c, or 9.3b.
http://www.lyris.com/support/listmanager/archives.html

Provided and/or discovered by:
Tyler Shields, Symantec

MoinMoin Multiple Vulnerabilities
by Marianna Schmudlach / February 20, 2008 12:30 AM PST

Secunia Advisory: SA29010
Release Date: 2008-02-20


Critical:
Highly critical
Impact: Cross Site Scripting
DoS
System access

Where: From remote

Solution Status: Vendor Patch


Software: MoinMoin 1.x



Description:
Some vulnerabilities have been reported in MoinMoin, which can be exploited by malicious people to conduct cross-site scripting attacks, to manipulate certain data, or potentially to compromise a vulnerable system.

1) Input passed to the "name" parameter when logging in is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 1.6.1.

2) Input passed to action/AttachFile.py is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed to the MOIN_ID cookie parameter is not properly sanitised before being used. This can be exploited to overwrite arbitrary files via directory traversal attacks.

Successful exploitation may allow to inject and execute arbitrary PHP code but depends on certain file permissions and settings of the server.

Vulnerabilities #2 and #3 are reported in version 1.5.8. Other versions may also be affected.

Solution:
Update to version 1.6.1.
http://moinmo.in/MoinMoinDownload

Provided and/or discovered by:
3) nonroot

Original Advisory:
MoinMoin:
http://hg.moinmo.in/moin/1.5/rev/2f952fa361c7
http://hg.moinmo.in/moin/1.5/rev/db212dfc58ef
http://hg.moinmo.in/moin/1.6/rev/9f4bdc7ef80d

http://www.milw0rm.com/exploits/4957

Now SMS/MMS Gateway HTTP/SMPP Handling Buffer Overflows
by Marianna Schmudlach / February 20, 2008 12:32 AM PST

Secunia Advisory: SA29003
Release Date: 2008-02-20


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Now SMS/MMS Gateway 2007.x

Description:
Luigi Auriemma has discovered some vulnerabilities in Now SMS/MMS Gateway, which can be exploited by malicious people to compromise a vulnerable system.

1) A boundary error in the web interface when processing HTTP requests can be exploited to cause a stack-based buffer overflow via an HTTP request with an overly long "Authorization" header string.

Successful exploitation allows execution of arbitrary code.

2) A boundary error in the SMPP server when processing SMPP packets can be exploited to cause a stack-based buffer overflow via a specially crafted SMPP packet.

Successful exploitation allows execution of arbitrary code but requires that the SMPP server is enabled and a specific port is set.

The vulnerabilities are confirmed in version 2007.06.27. Other versions may also be affected.

Solution:
Restrict network access to the services.

Provided and/or discovered by:
Luigi Auriemma

Original Advisory:
http://aluigi.altervista.org/adv/nowsmsz-adv.txt

CUPS "process_browse_data()" Double Free Vulnerability
by Marianna Schmudlach / February 20, 2008 12:33 AM PST

Secunia Advisory: SA28994
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: DoS
System access

Where: From local network

Solution Status: Vendor Patch


Software: CUPS 1.x

Description:
A vulnerability has been discovered in CUPS, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

The vulnerability is caused due to an error within the "process_browse_data()" function when adding printers and classes. This can be exploited to free the same buffer twice by sending specially crafted browser packets to the UDP port on which cupsd is listening (by default port 631/UDP).

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.3.5. Prior versions may also be affected.

Solution:
Update to version 1.3.6.

Provided and/or discovered by:
Reported as a CUPS bug by h.blischke.

Original Advisory:
http://www.cups.org/str.php?L2656

BEA Products Information Disclosure Vulnerability
by Marianna Schmudlach / February 20, 2008 12:34 AM PST

Secunia Advisory: SA28991
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: Exposure of sensitive information

Where: From remote

Solution Status: Vendor Patch


Software: BEA AquaLogic Interaction Collaboration 4.x
Plumtree Collaboration Server

Description:
A vulnerability has been reported in some BEA Plumtree Collaboration and BEA AquaLogic Interaction, which can be exploited by malicious people to disclose sensitive information.

Input to unspecified parameters passed to a download servlet is not properly verified before being used to download files. This can be exploited to download system files from an affected system.

The vulnerability is reported in the following versions:
* BEA Plumtree Collaboration 4.1 through Service Pack 2 on all platforms
* BEA AquaLogic Interaction 4.2 through Maintenance Pack 1 on all platforms

Solution:
Apply updates.

BEA AquaLogic Collaboration 4.2:
Update to BEA AquaLogic Collaboration 4.2 MP1.
ftp://anonymous:dev2dev%40bea.com@ftp...ases/security/Collab_4.2.1.317490.zip

BEA Plumtree Collaboration 4.1:
Update to BEA Plumtree Foundation 4.1 SP2.
ftp://anonymous:dev2dev%40bea.com@ftp...ases/security/Collab_4.1.2.317491.zip

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://dev2dev.bea.com/pub/advisory/276

WordPress WP Photo Album Plugin "photo" SQL Injection
by Marianna Schmudlach / February 20, 2008 12:36 AM PST

Secunia Advisory: SA28988
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Vendor Patch


Software: WP Photo Album (WPPA) 1.x (plugin for WordPress)



Description:
A vulnerability has been reported in the WP Photo Album (WPPA) plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "photo" parameter in the WordPress installation's index.php script is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is reported in version 1.0. Prior versions may also be affected.

Solution:
Update to version 1.1.

Provided and/or discovered by:
Reported by S@BUN

Original Advisory:
http://milw0rm.com/exploits/5135

Philips VOIP841 Multiple Vulnerabilities
by Marianna Schmudlach / February 20, 2008 12:37 AM PST

Secunia Advisory: SA28978
Release Date: 2008-02-20


Critical:
Less critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


OS: Philips VOIP841

Description:
Luca "ikki" Carettoni has reported a security issue and some vulnerabilities in Philips VOIP841, which can be exploited by malicious people to disclose sensitive information, conduct cross-site scripting attacks, and to bypass certain security restrictions.

1) A security issue is caused due to an undocumented account ("service":"service") which can be used to access the web administration interface with administrative privileges.

2) Input passed via the URL is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed in HTML requests is not properly sanitised before being used. This can be exploited to display arbitrary files on the device via directory traversal attacks.

Successful exploitation requires a valid user account, but can be used in combination with #1.

NOTE: It has also been reported that sensitive information, e.g. Skype credentials, are stored on the device in cleartext, which e.g. can be disclosed by combining the reported vulnerabilities.

The vulnerabilities are reported in Philips VOIP841 firmware version 1.0.4.50 and 1.0.4.80. Other versions may also be affected.

Solution:
Use only in a trusted network environment. Do not follow untrusted links.

Provided and/or discovered by:
Luca "ikki" Carettoni

Original Advisory:
http://www.securenetwork.it/ricerca/advisory/download/SN-2008-01.txt

IPdiva SSL VPN Server Weakness and Cross-Site Scripting Vuln
by Marianna Schmudlach / February 20, 2008 12:38 AM PST

Secunia Advisory: SA28963
Release Date: 2008-02-20


Critical:
Less critical
Impact: Cross Site Scripting
Brute force

Where: From remote

Solution Status: Vendor Patch


Software: IPdiva SSL VPN Server 2.x

Description:
Ha.ckers.fr Team has reported a weakness and some vulnerabilities in IPdiva SSL VPN Server, which can be exploited by malicious people to conduct brute force and cross-site scripting attacks.

1) The number of failed login attempts is stored in a cookie. This can be exploited to e.g. conduct brute force attacks by resetting the cookie's value.

2) Input passed to multiple unspecified parameters is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 2.2.8 (November 2007).

Solution:
Update to version 2.2.8 from November 2007 or later.

Provided and/or discovered by:
Ha.ckers.fr Team

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060314.html
http://lists.grok.org.uk/pipermail/full-disclosure/2008-February/060315.html

Debian update for pcre3
by Marianna Schmudlach / February 20, 2008 12:40 AM PST

Secunia Advisory: SA28957
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Debian GNU/Linux unstable alias sid

Description:
Debian has issued an update for pcre3. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00063.html

Other References:
SA28923:
http://secunia.com/advisories/28923/

Debian update for libimager-perl
by Marianna Schmudlach / February 20, 2008 12:41 AM PST

Secunia Advisory: SA28868
Release Date: 2008-02-20


Critical:
Moderately critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0

Description:
Debian has issued an update for libimager-perl. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00062.html

Other References:
SA25038:
http://secunia.com/advisories/25038/

Cult of the Dead Cow turns Google into a vulnerability scann
by Marianna Schmudlach / February 20, 2008 12:43 AM PST

The "Cult of the Dead Cow" hacker group, cDc for short, has published a tool that searches for vulnerabilities and private information across the web. Using well-chosen Google search queries, Goolag Scan discovers links to vulnerable web applications, back doors, or documents inadvertently put on the internet that contain sensitive information.

This kind of "Google hacking" is already well known: a hacker using the pseudonym Johnny has already published quite a collection of these "Google Hacks" or "Google Dorks" on his web site ihackstuff. What cDc has done is create an automated tool that allows an unskilled hacker to use these same techniques.

More: http://www.heise-online.co.uk/security/Cult-of-the-Dead-Cow-turns-Google-into-a-vulnerability-scanner--/news/110087
