OSK Advance-Flow Unspecified Parameter Handling Cross Site Scripting Vulnerability
Advisory ID : FrSIRT/ADV-2007-1884
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in OSK Advance-Flow, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by unspecified input validation errors when processing user-supplied parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
Affected Products
OSK Advance-Flow version 4.41 and prior
Solution
Upgrade to OSK Advance-Flow version 4.42 :
http://www.evalue.jp/pro/af/
References
http://www.frsirt.com/english/advisories/2007/1884
http://jvn.jp/jp/JVN%2392832583/index.html
http://www.evalue.jp/support/security/IPA_92832583.asp
Credits
Vulnerability reported by JVN
HLstats "hlstats.php" URL Processing Client-Side Cross Site Scripting Vulnerability
Advisory ID : FrSIRT/ADV-2007-1882
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in HLstats, which could be exploited by attackers to execute arbitrary scripting code. This issue is caused by an input validation error in the "hlstats.php" script when processing user-supplied URLs, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
Affected Products
HLstats version 1.35 and prior
Solution
The FrSIRT is not aware of any official supplied patch for this issue.
References
http://www.frsirt.com/english/advisories/2007/1882
Credits
Vulnerability reported by John Martinelli
SunLight CMS "root" Parameter Handling Remote PHP File Inclusion Vulnerability
Advisory ID : FrSIRT/ADV-2007-1885
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in SunLight CMS, which could be exploited by remote attackers to compromise a vulnerable web server. This issue is caused by input validation errors in the "_connect.php" and "modules/startup.php" scripts when processing the "root" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
Affected Products
SunLight CMS version 5.3 and prior
Solution
Upgrade to SunLight CMS version 5.3.3 :
http://sunlight.profitux.cz/sekce-na-stazeni-10.html
References
http://www.frsirt.com/english/advisories/2007/1885
Credits
Vulnerability reported by Cyber-Security
Libstats "rInfo[content]" Parameter Handling Remote PHP File Inclusion Vulnerability
Advisory ID : FrSIRT/ADV-2007-1880
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in Libstats, which could be exploited by remote attackers to compromise a vulnerable web server. This issue is caused by an input validation error in the "template_csv.php" script when processing the "rInfo[content]" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
Affected Products
Libstats version 1.0.3 and prior
Solution
The FrSIRT is not aware of any official supplied patch for this issue.
References
http://www.frsirt.com/english/advisories/2007/1880
Credits
Vulnerability reported by Cyber-Security
Debian Security Update Fixes XFree86 Code Execution and Privilege Escalation Issues
Advisory ID : FrSIRT/ADV-2007-1871
CVE ID : CVE-2007-1003 - CVE-2007-1351 - CVE-2007-1352 - CVE-2007-1667
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
Multiple vulnerabilities have been identified in Debian, which could be exploited by attackers to execute arbitrary code. These issues are caused by errors in XFree86. For additional information, see : FrSIRT/ADV-2007-1217
Affected Products
Debian GNU/Linux sarge
Solution
Upgrade to xfree86 version 4.3.0.dfsg.1-14sarge4.
References
http://www.frsirt.com/english/advisories/2007/1871
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00051.html
Mandriva Security Update Fixes Squirrelmail Multiple Cross Site Scripting Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-1869
CVE ID : CVE-2007-1262 - CVE-2007-2589
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
Multiple vulnerabilities have been identified in Mandriva, which could be exploited by attackers to execute arbitrary scripting code. These issues are caused by errors in Squirrelmail. For additional information, see : FrSIRT/ADV-2007-1748
Affected Products
Mandriva Corporate 3.0
Mandriva Corporate 4.0
Solution
Upgrade the affected packages
References
http://www.frsirt.com/english/advisories/2007/1869
http://archives.mandrivalinux.com/security-announce/2007-05/msg00021.php
Mandriva Security Update Fixes Evolution Information Disclosure Security Weakness
Advisory ID : FrSIRT/ADV-2007-1870
CVE ID : CVE-2007-1558
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A weakness has been identified in Mandriva, which could be exploited by remote attackers to gain knowledge of sensitive information. This issue is caused by an error in Evolution. For additional information, see : FrSIRT/ADV-2007-1467
Affected Products
Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate 3.0
Solution
Upgrade the affected package
References
http://www.frsirt.com/english/advisories/2007/1870
http://archives.mandrivalinux.com/security-announce/2007-05/msg00022.php
Debian Security Update Fixes PHP5 Buffer Overflow and Security Bypass Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-1872
CVE ID : CVE-2007-2509 - CVE-2007-2510
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
Multiple vulnerabilities have been identified in Debian, which could be exploited by attackers to bypass security checks and execute arbitrary code. These issues are caused by errors in PHP. For additional information, see : FrSIRT/ADV-2007-1657
Affected Products
Debian GNU/Linux etch
Debian GNU/Linux sid
Solution
Debian GNU/Linux etch - Upgrade to php5 version 5.2.0-8+etch4
Debian GNU/Linux sid - Upgrade to php5 version 5.2.2-1
References
http://www.frsirt.com/english/advisories/2007/1872
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00052.html
Slackware Security Update Fixes Libpng tRNS Chunk Processing
Turbolinux Security Update Fixes PHP Code Execution and Security Bypass Vulnerabilities
Advisory ID : FrSIRT/ADV-2007-1874
CVE ID : CVE-2007-1001 - CVE-2007-1285 - CVE-2007-1286 - CVE-2007-1583 - CVE-2007-1711 - CVE-2007-1718
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
Multiple vulnerabilities have been identified in Turbolinux, which could be exploited by attackers to bypass security restrictions, cause a denial of service or execute arbitrary code. These issues are caused by errors in PHP. For additional information, see : FrSIRT/ADV-2007-1269 - FrSIRT/ADV-2007-0791
Affected Products
Turbolinux Appliance Server 2.0
Turbolinux 10 Server x64 Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux 10 Server
Turbolinux Home
Turbolinux 10 F...
Turbolinux 10 Desktop
Turbolinux Multimedia
Turbolinux Personal
Turbolinux 8 Server
Solution
Upgrade the affected packages :
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/
References
http://www.frsirt.com/english/advisories/2007/1874
http://www.turbolinux.com/security/2007/TLSA-2007-29.txt
rPath Security Update Fixes Libpng tRNS Chunk Processing Denial of Service Issue
Advisory ID : FrSIRT/ADV-2007-1875
CVE ID : CVE-2007-2445
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in rPath, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in Libpng. For additional information, see : FrSIRT/ADV-2007-1838
Affected Products
rPath Linux 1
Solution
Upgrade the affected package to :
libpng=/conary.rpath.com@rpl:devel//1/1.2.18-1-0.1
References
http://www.frsirt.com/english/advisories/2007/1875
http://lists.rpath.com/pipermail/security-announce/2007-May/000188.html
rPath Security Update Fixes Python "PyLocale_strxfrm()" Memory Disclosure Issue
Advisory ID : FrSIRT/ADV-2007-1876
CVE ID : CVE-2007-2052
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in rPath, which could be exploited by attackers to gain knowledge of potentially sensitive information. This issue is caused by an error in Python. For additional information, see : FrSIRT/ADV-2007-1465
Affected Products
rPath Linux 1
Solution
Upgrade the affected packages :
python=/conary.rpath.com@rpl:devel//1/2.4.1-20.9-1
idle=/conary.rpath.com@rpl:devel//1/2.4.1-20.9-1
References
http://www.frsirt.com/english/advisories/2007/1876
http://lists.rpath.com/pipermail/security-announce/2007-May/000189.html
Gentoo Security Update Fixes PhpWiki Arbitrary File Upload Code Execution Issues
Advisory ID : FrSIRT/ADV-2007-1877
CVE ID : CVE-2007-2024 - CVE-2007-2025
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
Multiple vulnerabilities have been identified in Gentoo, which could be exploited by attackers to execute arbitrary code. These issues are caused by errors in PhpWiki. For additional information, see : FrSIRT/ADV-2007-1400
Affected Products
www-apps/phpwiki versions prior to 1.3.10-r3
Solution
Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/phpwiki-1.3.10-r3"
References
http://www.frsirt.com/english/advisories/2007/1877
http://www.gentoo.org/security/en/glsa/glsa-200705-16.xml
Gentoo Security Update Fixes pptpd "decaps_gre()" Denial of Service Vulnerability
Advisory ID : FrSIRT/ADV-2007-1878
CVE ID : CVE-2007-0244
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in Gentoo, which could be exploited by remote attackers to cause a denial of service. This issue is caused by errors in pptpd. For additional information, see : FrSIRT/ADV-2007-1743
Affected Products
net-dialup/pptpd versions prior to 1.3.4
Solution
Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-dialup/pptpd-1.3.4"
References
http://www.frsirt.com/english/advisories/2007/1878
http://www.gentoo.org/security/en/glsa/glsa-200705-18.xml
Gentoo Security Update Fixes Apache mod_security Security Bypass Vulnerability
Advisory ID : FrSIRT/ADV-2007-1879
CVE ID : CVE-2007-1359
Rated as : Low Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-05-21
Technical Description
A vulnerability has been identified in Gentoo, which could be exploited by remote attackers to bypass security checks. This issue is caused by an error in Apache mod_security. For additional information, see : FrSIRT/ADV-2007-0868
Affected Products
net-www/mod_security versions prior to 2.1.1
Solution
Upgrade the affected package :
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-www/mod_security-2.1.1"
References
http://www.frsirt.com/english/advisories/2007/1879
http://www.gentoo.org/security/en/glsa/glsa-200705-17.xml
TITLE:
Packeteer PacketShaper TCP ISN Generation Weakness
SECUNIA ADVISORY ID:
SA25344
VERIFY ADVISORY:
http://secunia.com/advisories/25344/
CRITICAL:
Not critical
IMPACT:
Spoofing
WHERE:
From local network
OPERATING SYSTEM:
PacketWise 7.x
http://secunia.com/product/7652/
DESCRIPTION:
nnposter has reported a weakness in Packeteer PacketShaper, which can
be exploited by malicious people to spoof TCP connections.
The problem is that TCP ISNs (Initial Sequence Numbers) are generated
in a predictable way and can be exploited to spoof TCP connections.
The weakness is reported in versions 7.3.0g2 and 7.5.0g1. Other
versions may also be affected.
SOLUTION:
Restrict network access to the device management interfaces.
PROVIDED AND/OR DISCOVERED BY:
nnposter
TITLE:
Opera Torrent File Handling Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA25278
VERIFY ADVISORY:
http://secunia.com/advisories/25278/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Opera 9.x
http://secunia.com/product/10615/
DESCRIPTION:
A vulnerability has been reported in Opera, which can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused due to an error in the handling of
torrent files and can be exploited to cause a buffer overflow when a
user right-clicks a malicious torrent entry in the transfer manager.
Successful exploitation allows execution of arbitrary code.
The vulnerability is reported in versions prior to 9.21 for Windows.
SOLUTION:
Update to version 9.21.
http://www.opera.com/download/
PROVIDED AND/OR DISCOVERED BY:
The vendor credits iDefense Labs.
TITLE:
WordPress "admin-ajax.php" SQL Injection
SECUNIA ADVISORY ID:
SA25345
VERIFY ADVISORY:
http://secunia.com/advisories/25345/
CRITICAL:
Moderately critical
IMPACT:
Manipulation of data, Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
WordPress 2.x
http://secunia.com/product/6745/
DESCRIPTION:
Janek Vind has discovered a vulnerability in WordPress, which can be
exploited by malicious people to conduct SQL injection attacks.
Input passed to the "cookie" parameter in wp-admin/admin-ajax.php is
not properly sanitised before being used in SQL queries. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows e.g. retrieving administrator password
hashes, but requires knowledge of the database table prefix.
The vulnerability is confirmed in version 2.1.3. Prior versions may
also be affected.
SOLUTION:
Update to version 2.2.
PROVIDED AND/OR DISCOVERED BY:
Janek Vind a.k.a. waraxe
ORIGINAL ADVISORY:
http://www.waraxe.us/advisory-50.html
TITLE:
LEADTOOLS LEAD Thumbnail Browser Control ActiveX Control Buffer
Overflow
SECUNIA ADVISORY ID:
SA25376
VERIFY ADVISORY:
http://secunia.com/advisories/25376/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
LEADTOOLS LEAD Thumbnail Browser Control 14.x
http://secunia.com/product/14277/
DESCRIPTION:
shinnai has discovered a vulnerability in LEADTOOLS LEAD Thumbnail
Browser Control ActiveX control, which can be exploited by malicious
people to compromise a user's system.
The vulnerability is caused due to a boundary error in the LEAD
Thumbnail Browser Control (lttmb14E.ocx) ActiveX control when
handling the "BrowseDir()" method. This can be exploited to cause a
stack-based buffer overflow via an overly long argument passed to the
affected method.
Successful exploitation allows execution of arbitrary code when a
user visits a malicious web site.
The vulnerability is confirmed in version 14.5.0.44. Other versions
may also be affected.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
shinnai
ORIGINAL ADVISORY:
http://moaxb.blogspot.com/2007/05/moaxb-19-leadtools-thumbnail-browser.html
TITLE:
LEADTOOLS LEAD Raster Thumbnail Object Library ActiveX Control Buffer
Overflow
SECUNIA ADVISORY ID:
SA25331
VERIFY ADVISORY:
http://secunia.com/advisories/25331/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
LEADTOOLS LEAD Raster Thumbnail Object Library 14.x
http://secunia.com/product/14278/
DESCRIPTION:
shinnai has discovered a vulnerability in LEADTOOLS LEAD Raster
Thumbnail Object Library ActiveX control, which can be exploited by
malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the LEAD
Raster Thumbnail Object Library (LTRTM14e.DLL) ActiveX control when
handling the "BrowseDir()" method. This can be exploited to cause a
stack-based buffer overflow via an overly long argument passed to the
affected method.
Successful exploitation allows execution of arbitrary code when a
user visits a malicious web site.
The vulnerability is confirmed in version 14.5.0.44. Other versions
may also be affected.
SOLUTION:
Set the kill-bit for the affected ActiveX control.
PROVIDED AND/OR DISCOVERED BY:
shinnai
ORIGINAL ADVISORY:
http://moaxb.blogspot.com/2007/05/moaxb-20-leadtools-raster-thumbnail.html
TITLE:
RM EasyMail Plus "d" Cross-Site Scripting
SECUNIA ADVISORY ID:
SA25326
VERIFY ADVISORY:
http://secunia.com/advisories/25326/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
RM EasyMail Plus
http://secunia.com/product/14267/
DESCRIPTION:
John Martinelli has reported a vulnerability in RM EasyMail Plus,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Input passed to the "d" parameter in cp/ps/Main/login/Login is not
properly sanitised before it is returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.
SOLUTION:
Filter malicious requests in a proxy or firewall.
PROVIDED AND/OR DISCOVERED BY:
John Martinelli
ORIGINAL ADVISORY:
http://redlevel.org/wp-content/uploads/2007/05/rmeasymail.txt
TITLE:
GaliX Multiple Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA25324
VERIFY ADVISORY:
http://secunia.com/advisories/25324/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
From remote
SOFTWARE:
GaliX 2.x
http://secunia.com/product/14268/
DESCRIPTION:
John Martinelli has discovered some vulnerabilities in GaliX, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Input passed to the "galix_cat_detail", "galix_gal_detail", and
"galix_cat_detail_sort" parameters in index.php is not properly
sanitised before it is returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
The vulnerabilities are confirmed in version 2.0. Other versions may
also be affected.
SOLUTION:
Edit the source code to ensure that input is properly sanitised.
PROVIDED AND/OR DISCOVERED BY:
John Martinelli
ORIGINAL ADVISORY:
http://redlevel.org/wp-content/uploads/2007/05/galix.txt