Fedora update for php
Secunia Advisory: SA30828
Release Date: 2008-06-23
Critical: Moderately critical
Impact: System access, DoS, Security Bypass, Unknown
Where: From remote
Solution Status: Vendor Patch
OS: Fedora 8
Description:
Fedora has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
Solution:
Apply updated packages via the yum utility ("yum update php").
Original Advisory:
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html
Other References:
SA30048:
http://secunia.com/advisories/30048/
JSCAPE Secure FTP Applet Host Key Verification Security Issu
Secunia Advisory: SA30822
Release Date: 2008-06-23
Critical: Less critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
Software: JSCAPE Secure FTP Applet 4.x
Description:
n.runs AG has reported a security issue in JSCAPE Secure FTP Applet, which can be exploited by malicious people to conduct spoofing attacks.
The problem is that the certificate presented by a server at the beginning of a secure session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack.
The security issue is reported in versions prior to 4.9.0.
Solution:
Update to version 4.9.0.
Provided and/or discovered by:
Frank **** and Thierry Zoller, n.runs AG
Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2008-June/062931.html
Red Hat update for freetype
Secunia Advisory: SA30821
Release Date: 2008-06-23
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Vendor Patch
OS: Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 5 client), Red Hat Enterprise Linux Desktop Workstation (v. 5 client), RedHat Enterprise Linux AS 3, RedHat Enterprise Linux AS 4, RedHat Enterprise Linux ES 3, RedHat Enterprise Linux ES 4, RedHat Enterprise Linux WS 3, RedHat Enterprise Linux WS 4
Description:
Red Hat has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library.
Solution:
Updated packages are available via Red Hat Network.
http://rhn.redhat.com
Original Advisory:
https://rhn.redhat.com/errata/RHSA-2008-0556.html
Other References:
SA30600:
http://secunia.com/advisories/30600/
Call of Duty 4: Modern Warfare Vulnerabilities
Secunia Advisory: SA30815
Release Date: 2008-06-23
Critical: Moderately critical
Impact: DoS, System access
Where: From remote
Solution Status: Unpatched
Software: Call of Duty 4: Modern Warfare
Description:
Luigi Auriemma has reported some vulnerabilities in Call of Duty 4: Modern Warfare, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.
The vulnerabilities are reported in version 1.6. Other versions may also be affected.
Solution:
Restrict access to game servers to trusted people only.
Provided and/or discovered by:
Luigi Auriemma
Original Advisory:
http://aluigi.altervista.org/adv/cod4vamap-adv.txt
FubarForum "page" Local File Inclusion Vulnerability
Secunia Advisory: SA30811
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Exposure of system information, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: FubarForum 1.x
Description:
cOndemned has reported a vulnerability in FubarForum, which can be exploited by malicious people to disclose sensitive information.
Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
The vulnerability is reported in version 1.5. Prior versions may also be affected.
Solution:
Update to version 1.6.
Provided and/or discovered by:
cOndemned
Original Advisory:
FubarForum:
http://chaozz.nl/2008/06/fubarforum-16-released/
cOndemned:
http://milw0rm.com/exploits/5872
rPath update for xorg-x11
Secunia Advisory: SA30809
Release Date: 2008-06-23
Critical: Less critical
Impact: Exposure of sensitive information, Privilege escalation, DoS
Where: Local system
Solution Status: Vendor Patch
OS: rPath Linux 1.x
Description:
rPath has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges.
Solution:
Update to:
"xorg-x11=conary.rpath.com@rpl:1/6.8.2-30.14-1"
"xorg-x11-fonts=conary.rpath.com@rpl:1/6.8.2-30.14-1"
"xorg-x11-tools=conary.rpath.com@rpl:1/6.8.2-30.14-1"
"xorg-x11-xfs=conary.rpath.com@rpl:1/6.8.2-30.14-1"
Original Advisory:
http://lists.rpath.com/pipermail/security-announce/2008-June/000361.html
Other References:
SA30627:
http://secunia.com/advisories/30627/
Jamroom "jamroom[jm_dir]" File Inclusion Vulnerability
Secunia Advisory: SA30806
Release Date: 2008-06-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Jamroom 3.x
Description:
Some vulnerabilities have been reported in Jamroom, which can be exploited by malicious people to compromise a vulnerable system.
Solution:
Update to version 3.3.6.
Set "register_globals" to "off".
Provided and/or discovered by:
Cyberlog. Additional vulnerable file reported by the vendor.
Original Advisory:
Cyberlog:
http://milw0rm.com/exploits/5876
Jamroom:
http://jamroom.net/index.php?m=td_tracker&o=view&id=1130
emuCMS "cat_id" SQL Injection Vulnerability
Secunia Advisory: SA30804
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: emuCMS 0.x
Description:
TurkishWarriorr has discovered a vulnerability in emuCMS, which can be exploited by malicious people to conduct SQL injection attacks.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
TurkishWarriorr
Original Advisory:
http://milw0rm.com/exploits/5878
AproxEngine "page" Local File Inclusion Vulnerability
Secunia Advisory: SA30800
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: AproxEngine 5.x
Description:
SkyOut has discovered a vulnerability in AproxEngine, which can be exploited by malicious people to disclose potentially sensitive information.
Input passed to the "page" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources.
The vulnerability is confirmed in version 5.1.0.4. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly verified.
Provided and/or discovered by:
SkyOut
Original Advisory:
http://milw0rm.com/exploits/5884
le.cms "cms/admin/upload.php" Security Bypass
Secunia Advisory: SA30797
Release Date: 2008-06-23
Critical: Highly critical
Impact: Security Bypass, System access
Where: From remote
Solution Status: Unpatched
Software: le.cms 1.x
Description:
t0pP8uZz has reported a vulnerability in le.cms, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
The vulnerability is caused due to improper authentication in cms/admin/upload.php and can be exploited to e.g. upload a PHP file via a specially crafted POST request.
The vulnerability is reported in version 1.4. Other versions may also be affected.
Solution:
Restrict access to the cms/admin/upload.php script (e.g. with ".htaccess").
Provided and/or discovered by:
t0pP8uZz
Original Advisory:
http://milw0rm.com/exploits/5887
CCleague Pro admin.php SQL Injection and Authentication Bypa
Secunia Advisory: SA30796
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Security Bypass, Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: CCleague Pro 1.x
Description:
t0pP8uZz has discovered some vulnerabilities in CCleague Pro, which can be exploited by malicious people to bypass certain security restrictions or to conduct SQL injection attacks.
The vulnerabilities are confirmed in version 1.2. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised. Restrict access to admin.php.
Provided and/or discovered by:
t0pP8uZz
Original Advisory:
http://milw0rm.com/exploits/5888
AJ HYIP "id" SQL Injection Vulnerability
Secunia Advisory: SA30794
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: AJ HYIP
Description:
Hussin X has reported a vulnerability in AJ HYIP, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in news.php is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution:
Filter malicious characters and character sequences using a web proxy.
Provided and/or discovered by:
Hussin X
Original Advisory:
http://milw0rm.com/exploits/5890
Joomla EXP Shop Component "catid" SQL Injection
Secunia Advisory: SA30791
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: EXP Shop 1.x (component for Joomla)
Description:
His0k4 has reported a vulnerability in the EXP Shop component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.
The vulnerability is reported in version 1.0. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
His0k4
Original Advisory:
http://milw0rm.com/exploits/5893
sHibby sHop "sayfa" SQL Injection Vulnerability
Secunia Advisory: SA30787
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: sHibby sHop 2.x
Description:
KnocKout has reported a vulnerability in sHibby sHop, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "sayfa" parameter in default.asp is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in version 2.2. Other versions may also be affected.
NOTE: Improper access restriction to upgrade.asp and Db/urun.mdb has also been reported.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
KnocKout
Original Advisory:
http://milw0rm.com/exploits/5895
HTML Purifier CSS Cross-Site Scripting and Script Insertion
Secunia Advisory: SA30779
Release Date: 2008-06-23
Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: HTML Purifier 2.x, HTML Purifier 3.x
Description:
Two vulnerabilities have been reported in HTML Purifier, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks.
Input passed to the library containing CSS data is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.
Successful exploitation of one of the vulnerabilities requires that the output encoding is set to Shift_JIS.
The vulnerabilities are reported in all versions prior to 2.1.5 and 3.1.1.
Solution:
Update to version 2.1.5 or 3.1.1.
Provided and/or discovered by:
Reported by the vendor.
Original Advisory:
http://htmlpurifier.org/news.html
Hedgehog-CMS "c_temp_path" File Inclusion Vulnerability
Secunia Advisory: SA30778
Release Date: 2008-06-23
Critical: Highly critical
Impact: Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched
Software: Hedgehog-CMS 1.x
Description:
CraCkEr has discovered a vulnerability in Hedgehog-CMS, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.
Input passed to the "c_temp_path" parameter in includes/header.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
Successful exploitation requires that "register_globals" is enabled. Successful exploitation from external resources (FTP servers) requires that "allow_url_fopen" and "allow_url_include" are enabled.
The vulnerability is confirmed in version 1.21. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
CraCkEr
Original Advisory:
http://milw0rm.com/exploits/5904
Apple Mac OS X ARDAgent Privilege Escalation Vulnerability
Secunia Advisory: SA30776
Release Date: 2008-06-23
Critical: Less critical
Impact: Privilege escalation
Where: Local system
Solution Status: Unpatched
OS: Apple Macintosh OS X
Description:
A vulnerability has been discovered in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges.
The problem is that "ARDAgent", which is owned by "root" and has the setuid bit set, can be invoked to execute shell commands via AppleScript (e.g. through "osascript"). This can be exploited to execute arbitrary commands with root privileges.
The vulnerability is confirmed on Mac OS X 10.4 and is also reported in version 10.5.
Solution:
Grant only trusted users access to affected systems.
Provided and/or discovered by:
Reported in the Macshadows.com forums and via Slashdot.
Original Advisory:
http://www.macshadows.com/forums/index.php?showtopic=8640
http://it.slashdot.org/article.pl?sid=08/06/18/1919224
MiGCMS "GLOBALS[application][app_root]" File Inclusion Vulne
Secunia Advisory: SA30770
Release Date: 2008-06-23
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: MiGCMS 2.x
Description:
CraCkEr has reported some vulnerabilities in MiGCMS, which can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "GLOBALS[application][app_root]" parameter in lib/obj/collection.class.php and lib/obj/content_image.class.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
Successful exploitation requires that "register_globals" is enabled.
The vulnerability is reported in version 2.0.5. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
CraCkEr
Original Advisory:
http://milw0rm.com/exploits/5901
RSS-aggregator "path" File Inclusion Vulnerability
Secunia Advisory: SA30768
Release Date: 2008-06-23
Critical: Highly critical
Impact: Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched
Software: RSS-aggregator
Description:
Ghost Hacker has discovered a vulnerability in RSS-aggregator, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system.
Input passed to the "path" parameter in display.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
Successful exploitation requires that "register_globals" is enabled. Successful exploitation from external resources (FTP servers) requires that "allow_url_fopen" and "allow_url_include" are enabled.
Solution:
Edit the source code to ensure that input is properly verified.
Provided and/or discovered by:
Ghost Hacker
Original Advisory:
http://milw0rm.com/exploits/5900
SQL Injection mitigation in ASP
Published: 2008-06-23
Last Updated: 2008-06-23 02:39:48 UTC
by Jason Lam (Version: 1)
With the recent SQL injection attacks on ASP pages, a lot of our readers are scrambling to find fixes for their applications. ASP is an older-generation Web scripting language that would require a bit more work to prevent SQL injection from happening. One of our readers, Brian Erman, has written a function to filter out the SQL keywords and also escape some of the metacharacters in SQL to prevent SQL injection from happening.
More: http://isc.sans.org/
Demo exploits posted for unpatched MS Word vulnerability
June 23rd, 2008
A security researcher has released demo exploits for what appears to be a critical, unpatched memory corruption vulnerability affecting the ubiquitous Microsoft Word software program.
The proof-of-concept exploits accompany a warning that the flaw affects Microsoft Office 2000 and Microsoft Office 2003. In addition to the rigged .docs, there are two videos demonstrating an attack scenario that crashes the program.
More: http://blogs.zdnet.com/security/?p=1324