Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - July 14, 2008

Pluck predefined_variables.php Local File inclusion Vulnerabilities


Secunia Advisory: SA31088
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Pluck 4.x

Description:
AmnPardaz Security Research Team has discovered some vulnerabilities in Pluck, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "langpref", "file", "blogpost", and "cat" parameters in data/inc/themes/predefined_variables.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.

The vulnerabilities are confirmed in version 4.5.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly verified.

Provided and/or discovered by:
AmnPardaz Security Research Team

Original Advisory:
http://www.bugreport.ir/?/48

ITechBids Cross-Site Scripting and SQL Injection

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31084
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Cross Site Scripting
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: ITechBids 7.x

Description:
Encrypt3d.M!nd has discovered some vulnerabilities in ITechBids, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

The vulnerabilities are confirmed in version 7.0. Other versions may also be affected.

Solution:
Filter malicious characters and character sequences using a web proxy.

Provided and/or discovered by:
Encrypt3d.M!nd

Original Advisory:
http://milw0rm.com/exploits/6069

Scripteen Free Image Hosting Script Security Bypass and SQL

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31083
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Scripteen Free Image Hosting Script 1.x

Description:
Some vulnerabilities have been discovered in Scripteen Free Image Hosting Script, which can be exploited by malicious people to bypass certain security restrictions and conduct SQL injection attacks.

The vulnerabilities are confirmed in version 1.2.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that access is properly restricted and input is properly sanitised.

Use another script.

Provided and/or discovered by:
1) RMx - Liz0zim
2) An anonymous person.

Original Advisory:
1) http://milw0rm.com/exploits/6070

SUSE update for MozillaFirefox

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31076
Release Date: 2008-07-14


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: openSUSE 10.2
openSUSE 10.3
SUSE Linux Enterprise Server 10

Description:
SUSE has issued an update for MozillaFirefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00004.html

Other References:
SA30911:
http://secunia.com/advisories/30911/

Apple iPhone / iPod touch Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31074
Release Date: 2008-07-14


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Apple iPhone
Apple iPod touch

Description:
Some vulnerabilities have been reported in Apple iPhone and iPod touch, which can be exploited by malicious people to conduct spoofing and cross-site scripting attacks, cause a DoS (Denial of Service), bypass certain security restrictions, or compromise a user's system.

Solution:
Upgrade to version 2.0 (downloadable and installable via iTunes).

Provided and/or discovered by:
The vendor credits:
4) Hiromitsu Takagi
5) SkyLined, Google
6) Chris Weber, Casaba Security, LLC
7) James Urquhart
8) Peter Vreugdenhil, working with the TippingPoint Zero Day Initiative
10) Anthony de Almeida Lopes of Outpost24 AB, and Chris Evans of Google Security Team
11) Itzik Kotler and Jonathan Rom of Radware
12) Robert Swiecki of the Google Security Team, David Bloom, and Charlie Miller of Independent Security Evaluators

Original Advisory:
Apple:
http://support.apple.com/kb/HT2351

JVN:
http://jvn.jp/jp/JVN88676089/index.html

Chris Evans:
http://scary.beasts.org/security/CESA-2008-004.html

Other References:
SA20376:
http://secunia.com/advisories/20376/

SA28444:
http://secunia.com/advisories/28444/

SA29130:
http://secunia.com/advisories/29130/

SA29846:
http://secunia.com/advisories/29846/

SA30315:
http://secunia.com/advisories/30315/

SA30775:
http://secunia.com/advisories/30775/

Gentoo update for bind

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31072
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Vendor Patch


OS: Gentoo Linux 1.x

Description:
Gentoo has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to poison the DNS cache.

Solution:
Update to "net-dns/bind-9.4.2_p1" or later.

Make sure that the configuration file does not specify a fixed UDP source port.

Original Advisory:
http://www.gentoo.org/security/en/glsa/glsa-200807-08.xml

Other References:
SA30973:
http://secunia.com/advisories/30973/
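
A check for the second step of the solution above, as an added example that is not part of the Gentoo or Secunia advisory: it scans named.conf text for `query-source` / `query-source-v6` statements that pin a numeric UDP port. The sample configuration is constructed, and comment stripping is simplified (it assumes no `//` or `#` inside quoted strings).

```python
import re

# Constructed named.conf fragment for the example (not taken from the advisory).
SAMPLE_NAMED_CONF = """
options {
    directory "/var/bind";
    // query-source address * port 5353;   (commented out, must be ignored)
    query-source address * port 53;        # fixed port: defeats randomisation
    query-source-v6 address * port *;      /* wildcard port is fine */
    listen-on port 53 { any; };            // listening port, unrelated
};
"""

# named.conf accepts C, C++ and shell style comments.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# A query-source statement runs up to the next semicolon.
_QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);", re.I)
_PORT = re.compile(r"\bport\s+(\S+)", re.I)


def _blank(match):
    """Replace a comment with spaces, keeping newlines so line numbers hold."""
    return re.sub(r"[^\n]", " ", match.group(0))


def fixed_source_ports(conf_text):
    """Return (line, directive, port) for every query-source statement
    that names a specific port instead of '*' or no port at all."""
    body = _COMMENTS.sub(_blank, conf_text)
    findings = []
    for stmt in _QUERY_SOURCE.finditer(body):
        port = _PORT.search(stmt.group(2))
        if port and port.group(1) != "*":
            line = body.count("\n", 0, stmt.start()) + 1
            findings.append((line, stmt.group(1).lower(), port.group(1)))
    return findings


if __name__ == "__main__":
    for line, directive, port in fixed_source_ports(SAMPLE_NAMED_CONF):
        print(f"line {line}: {directive} pins source port {port}")
```
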

Debian update for iceweasel

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31069
Release Date: 2008-07-14


Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Spoofing
Exposure of system information
Exposure of sensitive information
DoS
System access

Where: From remote

Solution Status: Vendor Patch


OS: Debian GNU/Linux 4.0

Description:
Debian has issued an update for iceweasel. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system.

Solution:
Apply updated packages.

Original Advisory:
http://lists.debian.org/debian-security-announce/2008/msg00188.html

Other References:
SA30911:
http://secunia.com/advisories/30911/

Debian update for mysql-dfsg-5.0

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Novell Netware DNS Cache Poisoning Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31065
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Spoofing

Where: From remote

Solution Status: Unpatched


OS: Novell Netware 4.x
Novell Netware 5.x
Novell NetWare 6.x

Description:
A vulnerability has been reported in Novell Netware, which can be exploited by malicious people to poison the DNS cache.

The vulnerability is caused due to the product not sufficiently randomising the DNS transaction ID and the source port number, which can be exploited to poison the DNS cache.

The vulnerability reportedly affects all versions.

Solution:
The vendor is currently working on a patch.

Provided and/or discovered by:
Dan Kaminsky, IOActive

Original Advisory:
http://www.novell.com/support/viewContent.do?externalId=7000912&sliceId=1

Other References:
US-CERT VU#800113:
http://www.kb.cert.org/vuls/id/800113

@1 File Store PRO "id" SQL Injection Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31063
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: @1 File Store PRO 3.x



Description:
Nu Am Bani has reported some vulnerabilities in @1 File Store PRO, which can be exploited by malicious users or people to conduct SQL injection attacks.

Successful exploitation of the vulnerabilities requires that "magic_quotes_gpc" is disabled.

The vulnerabilities are reported in version 3.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Nu Am Bani

Original Advisory:
http://milw0rm.com/exploits/6040

Wysi Wiki Wyg "c" Directory Traversal Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31061
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Exposure of system information
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: Wysi Wiki Wyg 1.x

Description:
StAkeR has discovered a vulnerability in Wysi Wiki Wyg, which can be exploited by malicious people to disclose sensitive information.

Input passed to the "c" parameter in index.php is not properly sanitised before being used to display files. This can be exploited to display arbitrary files via directory traversal attacks.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
StAkeR

Original Advisory:
http://milw0rm.com/exploits/6042

Apple Xcode tools Vulnerability and Security Issue

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31060
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Exposure of sensitive information
System access

Where: From remote

Solution Status: Vendor Patch


Software: Apple Xcode 2.x
Apple Xcode 3.x

Description:
A vulnerability and a security issue have been reported in Xcode tools, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system.

The vulnerability and security issue are reported in versions prior to 3.1.

Solution:
Update to version 3.1.

Provided and/or discovered by:
1) Kevin Finisterre, Netragard
2) Reported by the vendor.

Original Advisory:
Apple:
http://support.apple.com/kb/HT2352

Netragard:
http://www.netragard.com/pdfs/research/NETRAGARD-20080630-FUNHOUSE.txt

Million Pixels "id_cat" SQL Injection Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31059
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Million Pixels 3.x

Description:
Hussin X has reported a vulnerability in Million Pixels, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id_cat" parameter in tops_top.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Hussin X

Original Advisory:
http://milw0rm.com/exploits/6044

reSIProcate Long Domain Name Denial of Service

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31058
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: DoS

Where: From remote

Solution Status: Vendor Patch


Software: reSIProcate 1.x

Description:
A vulnerability has been reported in reSIProcate, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in rutil/dns/DnsStub.cxx when handling overly long domain names in a request URI. This can be exploited to cause a crash via e.g. an INVITE or OPTIONS message with an overly long domain name.

The vulnerability is reported in version 1.3.2. Other versions may also be affected.

Solution:
Update to version 1.3.3.

Provided and/or discovered by:
Originally reported by the vendor.

Rediscovered by Mu Dynamics research team.

Original Advisory:
reSIProcate.org:
http://www.resiprocate.org/ReSIProcate_1.3.3_Release

Mu Dynamics:
http://labs.mudynamics.com/advisories/MU-200807-01.txt

Maian Events "mevents_admin_cookie" Security Bypass Vulnerab

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31056
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Unpatched


Software: Maian Events 2.x

Description:
Saime has discovered a vulnerability in Maian Events, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "mevents_admin_cookie" cookie.

The vulnerability is confirmed in version 2.0. Other versions may also be affected.

Solution:
Restrict access to the admin/index.php script (e.g. with ".htaccess").

Provided and/or discovered by:
Saime

Original Advisory:
http://milw0rm.com/exploits/6048

jSite Multiple Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31049
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Security Bypass
Manipulation of data
Exposure of sensitive information

Where: From remote

Solution Status: Unpatched


Software: jSite 1.x

Description:
Some vulnerabilities have been discovered in jSite, which can be exploited by malicious people to disclose sensitive information and conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised and verified.

Provided and/or discovered by:
1, 2) S.W.A.T.
3) An anonymous person

Original Advisory:
http://milw0rm.com/exploits/6057

webcms.es webCMS Portal Edition "id" SQL Injection Vulnerabi

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31047
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: webcms.es webCMS Portal Edition

Description:
Mr.SQL has reported a vulnerability in webcms.es webCMS Portal Edition, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "id" parameter in secciones/tablon/tablon.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Edit the source code to ensure that input is properly sanitised. Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
Mr.SQL

Original Advisory:
http://milw0rm.com/exploits/6056

Maian Music "mmusic_cookie" Security Bypass Vulnerability

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA31038
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Unpatched


Software: Maian Music 1.x

Description:
Saime has discovered a vulnerability in Maian Music, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to improper access restriction in the admin/index.php script. This can be exploited to bypass the authentication mechanism and gain access to the administration section by setting the "mmusic_cookie" cookie.

The vulnerability is confirmed in version 1.2 and reported in version 1.0. Other versions may also be affected.

Solution:
Restrict access to the admin/index.php script (e.g. with ".htaccess").

Provided and/or discovered by:
Saime

Original Advisory:
http://milw0rm.com/exploits/6051

Procapita SQL Injection Vulnerabilities

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Secunia Advisory: SA30968
Release Date: 2008-07-14


Critical:
Moderately critical
Impact: Manipulation of data

Where: From remote

Solution Status: Unpatched


Software: Procapita

Description:
pelzi has reported some vulnerabilities in Procapita, which can be exploited by malicious people or users to conduct SQL injection attacks.

Input passed to certain parameters in login.asp, inloggning.asp, within the search functionality, and possibly other scripts is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

NOTE: Other issues have also been reported, which can potentially be exploited to disclose sensitive and system information.

Solution:
The vendor is reportedly working on a fix.

Provided and/or discovered by:
pelzi

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-06/0223.html

Obfuscated JavaScript Redux

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

Published: 2008-07-14,
Last Updated: 2008-07-14 11:48:19 UTC
by Daniel Wesemann

Since our last diaries on the subject of obfuscated Javascript ([1],[2]), the bad guys have again upped the ante a little to make analysis more difficult. The latest few samples that I analyzed all used codes that employed one or several of the "document.referrer", "document.location" and "location.href" properties as part of the decoding process.

document.location and location.href contain the URL of the currently displayed web page, document.referrer contains the URL of the last page visited before reaching the exploit. Using these variables in the obfuscation scheme means that the exploit will not decode correctly, and hence will not run, when copied to a different place or called from a different website.

More: http://isc.sans.org/
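
What the post above means for an analyst, as an added example that is not from the diary: a decoder keyed on the page URL only yields script when it is given the URL the sample was served from, so that value has to be captured with the sample. The repeating-XOR keying, the URLs and the inert payload are all constructed assumptions, not the scheme of any real sample.

```python
def decode(blob, url):
    """Assumed toy scheme: XOR each byte with the page URL, repeated.
    XOR is symmetric, so the same routine builds the sample below."""
    key = url.encode("utf-8")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(blob))


def looks_like_script(data):
    """Accept a decoding only if it is printable ASCII that opens with a
    common script token (a simple analyst heuristic)."""
    if any(b < 0x20 or b > 0x7E for b in data):
        return False
    return data.decode("ascii").startswith(
        ("var ", "function", "document.", "eval("))


def recover(blob, candidate_urls):
    """Try each URL seen in proxy or browser logs as the decoding key.
    Returns (url, script) for the first plausible decoding, else (None, None)."""
    for url in candidate_urls:
        plain = decode(blob, url)
        if looks_like_script(plain):
            return url, plain.decode("ascii")
    return None, None


# Constructed sample: an inert string keyed to the URL it was "served" from.
ORIGINAL_URL = "http://landing.example/page.html"
PLAINTEXT = b'document.write("inert placeholder");'
CAPTURED_BLOB = decode(PLAINTEXT, ORIGINAL_URL)

# Values document.location would hold in three analysis set-ups.
CANDIDATES = [
    "file:///home/analyst/sample.html",   # sample saved to disk
    "http://sandbox.example/copy.html",   # sample re-hosted elsewhere
    ORIGINAL_URL,                         # URL recorded at capture time
]

if __name__ == "__main__":
    for url in CANDIDATES:
        out = decode(CAPTURED_BLOB, url)
        print(f"{url!r:40} -> {out[:16]!r} script={looks_like_script(out)}")
    print("recovered with:", recover(CAPTURED_BLOB, CANDIDATES)[0])
```

The re-hosted copy decodes the first seven bytes correctly because both URLs begin with `http://`, then diverges; a partly readable result is not proof that the right key was used.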

Several vulnerabilities closed in the Linux kernel

In reply to: VULNERABILITIES \ FIXES - July 14, 2008

14 July 2008

Linux developers have strongly recommended anyone who uses Linux kernel 2.6.25 on multi-user x86-64 systems to upgrade to version 2.6.25.11. It appears that users with restricted privileges are able to escalate their access privileges. While Greg Kroah-Hartman did not give any further details when announcing the new kernel version, the problem is likely to be caused by the filtering of the Local Descriptor Table (LDT).

Only a few days earlier, kernel developers released version 2.6.25.10 to resolve a vulnerability in the sys32_ptrace function in arch/x86/kernel/ptrace.c which could potentially cause systems to crash. The Pax Team that discovered this hole did not want to rule out that the flaw could also have been exploited to compromise a system.

More: http://www.heise-online.co.uk/security/Several-vulnerabilities-closed-in-the-Linux-kernel--/news/111095

Zone Alarm Releases Security Advisory

In reply to: VULNERABILITIES \ FIXES - July 14, 2008
