Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - May 27, 2008

by Marianna Schmudlach / May 27, 2008 1:03 AM PDT

TYPO3 sg_zfelib Extension SQL Injection Vulnerabilities

Secunia Advisory: SA30400
Release Date: 2008-05-27
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: sg_zfelib (extension for TYPO3) 1.x

Description:
Some vulnerabilities have been reported in the sg_zfelib extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to unspecified parameters is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows gaining read access to the database.

The vulnerabilities are reported in version 1.1.512. Prior versions may also be affected.

Solution:
Update to version 1.1.513.
http://typo3.org/extensions/repository/view/sg_zfelib/1.1.513/

Provided and/or discovered by:
The vendor credits Philipp Rocholl and Wassim Amouri.

Original Advisory:
http://typo3.org/teams/security/security-bulletins/typo3-20080527-2/

phpFix Two SQL Injection Vulnerabilities
by Marianna Schmudlach / May 27, 2008 1:05 AM PDT

Secunia Advisory: SA30397
Release Date: 2008-05-27
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: phpFix 2.x

Description:
unohope has reported two vulnerabilities in phpFix, which can be exploited by malicious people to conduct SQL injection attacks.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
unohope

Original Advisory:
http://www.chroot.org/exploits/chroot_uu_004

Mini CWB "connector.php" Cross-Site Scripting Vulnerability
by Marianna Schmudlach / May 27, 2008 1:06 AM PDT

Secunia Advisory: SA30390
Release Date: 2008-05-27
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Mini CWB 2.x

Description:
CWH Underground has reported a vulnerability in Mini CWB, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the URL to /javascript/editor/editor/filemanager/browser/mcpuk/connectors/php/connector.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 2.1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
CWH Underground

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2008-05/0316.html

Quate CMS Multiple Vulnerabilities
by Marianna Schmudlach / May 27, 2008 1:07 AM PDT

Secunia Advisory: SA30377
Release Date: 2008-05-27
Critical: Highly critical
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Where: From remote
Solution Status: Unpatched
Software: Quate CMS 0.x

Description:
Digital Security Research Group have discovered some vulnerabilities in Quate CMS, which can be exploited by malicious users to disclose and manipulate sensitive information, and by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a vulnerable system.

Solution:
Edit the source code to ensure that input is properly verified and sanitised.

Provided and/or discovered by:
Digital Security Research Group

Original Advisory:
http://milw0rm.com/exploits/5668

ClassSystem "teacher_id" SQL Injection Vulnerabilities
by Marianna Schmudlach / May 27, 2008 1:08 AM PDT

Secunia Advisory: SA30365
Release Date: 2008-05-27
Critical: Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: ClassSystem 2.x

Description:
unohope has reported two vulnerabilities in ClassSystem, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "teacher_id" parameter in HomepageMain.php and HomepageTop.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in version 2.3. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
unohope

Original Advisory:
http://www.chroot.org/exploits/chroot_uu_005

Safari Montage "forgotPW.php" Cross-Site Scripting Vulnerabi
by Marianna Schmudlach / May 27, 2008 1:10 AM PDT

Secunia Advisory: SA30363
Release Date: 2008-05-27
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Safari Montage 3.x

Description:
Omer Singer has reported some vulnerabilities in Safari Montage, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input to the "school" and "email" parameters in forgotPW.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 3.1.x. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Filter malicious characters and character sequences in a web proxy.

Provided and/or discovered by:
Omer Singer

Original Advisory:
http://www.digitrustgroup.com/advisor...lication-security-safari-montage.html

RE: Secunia Advisory: SA30363
by safarimontage / December 22, 2008 6:23 AM PST

Dear Sir or Madam:

In response to your Secunia Advisory SA30363 referencing DigiTrust Advisory #080519a - Safari Montage Cross-Site Scripting Vulnerability, please note:

This vulnerability was closed in SAFARI Montage v3.1.4 release July 23 2008, available on new systems and as an update to existing systems.

Ref: http://www.safarimontage.com/support/release_notes_3.1.4.aspx

We would appreciate if you would remove or amend your advisory accordingly.

Thank you.

SAFARI Montage

MAXSITE "category" SQL Injection Vulnerability
by Marianna Schmudlach / May 27, 2008 1:11 AM PDT

Secunia Advisory: SA30306
Release Date: 2008-05-27
Critical: Moderately critical
Impact: Manipulation of data, Exposure of sensitive information
Where: From remote
Solution Status: Unpatched
Software: MAXSITE 1.x

Description:
Tesz has reported a vulnerability in MAXSITE, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "category" parameter in index.php (when "name" is set to "webboard") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes.

The vulnerability is reported in version 1.10. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Tesz

Original Advisory:
http://milw0rm.com/exploits/5676

Linux Kernel Unspecified Vulnerability
by Marianna Schmudlach / May 27, 2008 1:12 AM PDT

Secunia Advisory: SA30258
Release Date: 2008-05-27
Critical: Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
OS: Linux Kernel 2.6.x

Description:
A vulnerability with an unknown impact has been reported in the Linux Kernel.

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability affects versions prior to 2.6.25.4.

Solution:
Update to version 2.6.25.4.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://lkml.org/lkml/2008/5/15/181
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.4

CuteFTP Directory Download Directory Traversal Vulnerability
by Marianna Schmudlach / May 27, 2008 1:13 AM PDT

Secunia Advisory: SA29760
Release Date: 2008-05-27
Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: CuteFTP Home 8.x, CuteFTP Pro 8.x



Description:
Tan Chew Keong has reported a vulnerability in CuteFTP, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error when downloading directories containing files with directory traversal specifiers in the filename. This can be exploited to download files to an arbitrary location on a user's system.

Successful exploitation requires that the user is tricked into connecting and downloading a directory from a malicious FTP server.

The vulnerability is reported in the following versions:
* CuteFTP Home Version 8.2.0 Build 02.26.2008.4
* CuteFTP Pro Version 8.2.0 Build 04.01.2008.1

Other versions may also be affected.

Solution:
The vulnerability will reportedly be fixed in an upcoming version.

Provided and/or discovered by:
Tan Chew Keong

Original Advisory:
http://vuln.sg/cuteftp820-en.html

TYPO3 kj_imagelightbox2 Extension Cross-Site Scripting
by Marianna Schmudlach / May 27, 2008 1:15 AM PDT

Secunia Advisory: SA30386
Release Date: 2008-05-27
Critical: Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Vendor Patch
Software: kj_imagelightbox2 (extension for TYPO3) 1.x

Description:
A vulnerability has been reported in the kj_imagelightbox2 extension for TYPO3, which can be exploited by malicious people to conduct cross-site scripting attacks.

Unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 1.4.2. Prior versions may also be affected.

Solution:
Update to version 1.4.3.
http://typo3.org/extensions/repository/view/kj_imagelightbox2/1.4.3/

Provided and/or discovered by:
The vendor credits Michael Raberger.

Original Advisory:
http://typo3.org/teams/security/security-bulletins/typo3-20080527-1/

Cross-site scripting hole in Facebook closed
by Marianna Schmudlach / May 27, 2008 1:45 AM PDT

27 May 2008

Facebook, the second largest social networking site, was vulnerable to cross-site scripting attacks up to the end of last week. It was possible to inject and execute malicious JavaScript on user browsers. Attackers were reportedly able to redirect visitors to infected websites automatically or steal login information.

The flaw has been fixed, but a demonstration can still be found in the archive of the "XSSed Project". An estimated 70 million users were vulnerable to attack, but it is unclear whether the flaw was ever actually exploited. Facebook thus turns out to be just as unsafe as other such popular portals as MySpace and Orkut.

More: http://www.heise-online.co.uk/security/Cross-site-scripting-hole-in-Facebook-closed--/news/110804

Security update for Mambo
by Marianna Schmudlach / May 27, 2008 1:46 AM PDT

The developers of the content management system Mambo have released version 4.6.4, which fixes three security flaws. According to their security advisory, manipulated articleid and mcname parameters could be used to transmit arbitrary commands to the underlying database. For the attack to succeed the magic_quotes_gpc PHP option has to be disabled.

More: http://www.heise-online.co.uk/security/Security-update-for-Mambo--/news/110803

TYPO3 modules allow SQL injection and cross-site scripting
by Marianna Schmudlach / May 27, 2008 1:47 AM PDT

The developers of the kj_imagelightbox2 and sg_zfelib add-on modules for the TYPO3 open source content management system have patched security holes that allow attackers to inject SQL commands or conduct cross-site scripting attacks. The modules are all provided by third parties and are not part of the standard TYPO3 installation.

The Library for Frontend plugins (sg_zfelib) does not filter user input, allowing SQL commands that provide attackers with read access to the database to be injected. The sg_zfelib provides functions for other libraries, which may also be affected by the flaw. The TYPO3 developers list the following add-on components as examples:

More: http://www.heise-online.co.uk/security/TYPO3-modules-allow-SQL-injection-and-cross-site-scripting--/news/110802

Effects of vulnerability in eMule Plus still unclear
by Marianna Schmudlach / May 27, 2008 1:49 AM PDT

After eDonkey, eMule is one of the most popular clients for peer-to-peer networks. Users can tweak the clients and improve download rates using "mods". But now the developers say they have discovered a security vulnerability.

The developers have not released a security advisory. Instead, the change log merely states that the current version patches a flaw in the processing of the staticservers.dat file. This file stores a user-extensible list of servers that are constantly reachable online and therefore provide easy access to the eDonkey network.

More: http://www.heise-online.co.uk/security/Effects-of-vulnerability-in-eMule-Plus-still-unclear--/news/110801

Adobe Flash Player Unspecified Remote Code Execution Vulnera
by Marianna Schmudlach / May 27, 2008 5:19 AM PDT

Title : Adobe Flash Player Unspecified Remote Code Execution Vulnerability
Advisory ID : FrSIRT/ADV-2008-1662
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-05-27

A vulnerability has been identified in Adobe Flash Player, which could be exploited by remote attackers to take complete control of an affected system. This issue is caused by an unspecified memory corruption error when processing a malformed SWF file, which could be exploited by attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a specially crafted web page.

Note : This vulnerability is reportedly being exploited in the wild.

Credits

Vulnerability reported by Symantec.

http://www.frsirt.com/english/advisories/2008/1662

Adobe Flash zero-day exploit in the wild

May 27th, 2008
Posted by Ryan Naraine

Malware hunters have spotted a previously unknown - and unpatched - Adobe Flash vulnerability being exploited in the wild.

The zero-day flaw has been added to the Chinese version of the MPack exploit kit and there are signs that the exploits are being injected into third-party sites to redirect targets to malware-laden servers.

Technical details on the vulnerability are not yet available. Adobe's product security incident response team is investigating.

More: http://blogs.zdnet.com/security/?p=1189&tag=nl.e589

Adobe Flash Player Vulnerability
by Marianna Schmudlach / May 27, 2008 12:11 PM PDT

added May 27, 2008 at 06:44 pm

US-CERT is aware of public reports of a vulnerability in Adobe Flash Player. By convincing a user to open a specially crafted Flash file, a remote, unauthenticated attacker may be able to execute arbitrary code. Public reports indicate that this vulnerability is being actively exploited.

To help mitigate the risks, US-CERT encourages users to implement best security practices as described in the Securing Your Web Browser document.

US-CERT will provide additional information as it becomes available.

http://www.us-cert.gov/current/current_activity.html#adobe_flash_player_vulnerability

ThinkVantage System Update Certificate Validation Bypass
by Marianna Schmudlach / May 27, 2008 5:21 AM PDT

Title : ThinkVantage System Update Certificate Validation Bypass
Advisory ID : FrSIRT/ADV-2008-1661
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2008-05-27

A vulnerability has been identified in IBM Lenovo ThinkVantage System Update, which could be exploited by attackers to bypass security restrictions. This issue is caused by an error in the Client DLL that does not perform certificate chain verification when initiating an SSL connection with the update server, which could be exploited by attackers to trick a user into connecting to a malicious server (e.g. through DNS spoofing) to automatically download and execute a malicious binary file.

Credits

Vulnerability reported by Derek Callaway (Security Objectives).

http://www.frsirt.com/english/advisories/2008/1661

Additional problems with SP3 for Windows XP
by Marianna Schmudlach / May 27, 2008 12:15 PM PDT