Hummingbird Xweb ActiveX Control "PlainTextPassword" Property Buffer Overflow
Release Date: 2008-10-17
Critical:
Highly critical
Impact: DoS
System access
Where: From remote
Solution Status: Unpatched
Software: Exceed 10.x
Exceed 2006 11.x
Exceed 2007
Exceed 9.x
Exceed PowerSuite 10.x
Hummingbird Xweb ActiveX Control
Description:
Thomas Pollet has reported a vulnerability in Hummingbird Xweb ActiveX Control, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error within the Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) when handling the "PlainTextPassword" property. This can be exploited to cause a stack-based buffer overflow by assigning an overly long string to the affected property.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is reported in versions prior to 13.0.
Solution:
Set the kill-bit for the affected ActiveX control.
Provided and/or discovered by:
Thomas Pollet
Original Advisory:
http://milw0rm.com/exploits/6761
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Mantis 1.x
Description:
EgiX has discovered a vulnerability in Mantis, which can be exploited by malicious users to compromise a vulnerable system.
Input passed to the "sort" parameter in manage_proj_page.php is not properly sanitised before being used in a "create_function()" call. This can be exploited to execute arbitrary PHP code.
Successful exploitation requires valid user credentials.
The vulnerability is confirmed in version 1.1.2 and reported in version 1.1.3. Other versions may also be affected.
Solution:
Restrict access to manage_proj_page.php (e.g. with ".htaccess").
Provided and/or discovered by:
EgiX
Original Advisory:
http://milw0rm.com/exploits/6768
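A hardened way to handle a request-supplied sort field, shown as an added example that is not Mantis code: the value only selects from a fixed allow-list and the comparator is a closure rather than a function compiled from a string. The field names, sample rows and function names are assumptions made for illustration.

```php
<?php
// Added illustration, not Mantis code. Field names and rows are constructed.

// The only fields a request is allowed to sort by (hypothetical names).
const SORT_FIELDS = ['name', 'status', 'enabled'];

function safe_sort_field(?string $requested, string $default = 'name'): string
{
    // Strict comparison against a fixed list: the request value is only used
    // to pick one of these constants and is never placed into PHP source.
    return in_array($requested, SORT_FIELDS, true) ? $requested : $default;
}

function sort_projects(array $projects, ?string $sort, string $dir = 'ASC'): array
{
    $field = safe_sort_field($sort);
    $sign  = strtoupper($dir) === 'DESC' ? -1 : 1;

    // create_function() builds a function from a string, so any request value
    // placed in that string is compiled as PHP. A closure receives the
    // validated field as data instead. (create_function() was deprecated in
    // PHP 7.2 and removed in PHP 8.0.)
    usort($projects, function (array $a, array $b) use ($field, $sign): int {
        return $sign * strcasecmp((string) $a[$field], (string) $b[$field]);
    });

    return $projects;
}

// Constructed sample data.
$projects = [
    ['name' => 'zeta',  'status' => 'release',     'enabled' => '1'],
    ['name' => 'Alpha', 'status' => 'development', 'enabled' => '0'],
];

// A value outside the allow-list is ignored and the default field is used.
$sorted = sort_projects($projects, 'not_a_column', 'ASC');
echo implode(',', array_column($sorted, 'name')), PHP_EOL;

// A listed field with descending order.
$sorted = sort_projects($projects, 'status', 'DESC');
echo implode(',', array_column($sorted, 'status')), PHP_EOL;
```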
Release Date: 2008-10-17
Critical:
Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
OS: Avaya Message Networking 2.x
Avaya Modular Messaging 2.x
Avaya Modular Messaging 3.x
Avaya SIP Enablement Services (SES) 3.x
Software: Avaya Application Enablement Services 3.x
Avaya Application Enablement Services 4.x
Avaya Communication Manager 3.x
Avaya Communication Manager 4.x
Avaya Communication Manager 5.x
Avaya Modular Messaging 4.x
Description:
Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.
Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-404.htm
Other References:
SA29410:
http://secunia.com/advisories/29410/
PokerMax Pro Poker League "ValidUserAdmin" Cookie Security Bypass
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Security Bypass
Where: From remote
Solution Status: Unpatched
Software: PokerMax Pro Poker League 0.x
Description:
DaRkLiFe has discovered a vulnerability in PokerMax Pro Poker League, which can be exploited by malicious people to bypass certain security restrictions.
The problem is that the application allows access to the admin interface by checking if a certain cookie exists. This can be exploited to gain administrative access to the application by creating the cookie "ValidUserAdmin" and assigning it the user name of a valid administrator.
This vulnerability is confirmed in version 0.13. Other versions may also be affected.
Solution:
Ensure that proper access restrictions are implemented.
Provided and/or discovered by:
DaRkLiFe
Original Advisory:
http://milw0rm.com/exploits/6766
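The cookie check described above beside a server-verified alternative, as an added example that is not PokerMax code: the admin cookie carries a value the server signed at login, so a cookie created by the client fails verification. PHP is assumed as the implementation language, and the key, cookie name "admin_session", lifetime and user names are constructed for illustration.

```php
<?php
// Added illustration, not PokerMax code. All names and values are constructed.

const SERVER_KEY = 'replace-with-a-random-server-side-secret'; // placeholder
const TOKEN_TTL  = 1800; // token lifetime in seconds

// The flawed pattern from the advisory: the client states who it is.
function is_admin_cookie_only(array $cookies, array $admins): bool
{
    return isset($cookies['ValidUserAdmin'])
        && in_array($cookies['ValidUserAdmin'], $admins, true);
}

// Called only after the server has verified the password.
// Assumes user names never contain the '|' separator.
function issue_admin_token(string $user, int $now): string
{
    $payload = $user . '|' . ($now + TOKEN_TTL);
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, SERVER_KEY);
}

function is_admin_signed(array $cookies, array $admins, int $now): bool
{
    $parts = explode('.', $cookies['admin_session'] ?? '', 2);
    if (count($parts) !== 2) { return false; }

    $payload = base64_decode($parts[0], true);
    if ($payload === false) { return false; }

    // Recompute the MAC with the server key; compare in constant time.
    $expected = hash_hmac('sha256', $payload, SERVER_KEY);
    if (!hash_equals($expected, $parts[1])) { return false; }

    $fields = explode('|', $payload);
    if (count($fields) !== 2) { return false; }

    // Reject expired tokens and users who are no longer administrators.
    return (int) $fields[1] >= $now && in_array($fields[0], $admins, true);
}

$admins = ['alice'];   // constructed administrator list
$now    = 1224201600;  // constructed timestamp
$token  = issue_admin_token('alice', $now);

var_dump(is_admin_cookie_only(['ValidUserAdmin' => 'alice'], $admins)); // flawed check
var_dump(is_admin_signed(['ValidUserAdmin' => 'alice'], $admins, $now)); // unsigned cookie
var_dump(is_admin_signed(['admin_session' => $token], $admins, $now));   // issued token
var_dump(is_admin_signed(['admin_session' => $token], $admins, $now + TOKEN_TTL + 1)); // expired
```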
Release Date: 2008-10-17
Critical:
Less critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Habari 0.x
Description:
swappie has discovered a vulnerability in Habari, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed via the "habari_username" parameter when logging in is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is confirmed in version 0.5.1. Other versions may also be affected.
Solution:
Filter malicious characters and character sequences in a proxy.
Provided and/or discovered by:
swappie aka faithlove
Original Advisory:
http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: CafeEngine
Description:
0xFFFFFF has reported two vulnerabilities in CafeEngine, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "id" parameter in dish.php and menu.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
0xFFFFFF
Original Advisory:
http://milw0rm.com/exploits/6762
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: EasyCafeEngine 1.x
Description:
0xFFFFFF has reported a vulnerability in EasyCafeEngine (Easy Cafe Engine), which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "itemid" parameter in index.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is reported in version 1.1. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
0xFFFFFF
Original Advisory:
http://milw0rm.com/exploits/6762
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
OS: Avaya Message Networking 2.x
Avaya Modular Messaging 2.x
Avaya Modular Messaging 3.x
Avaya SIP Enablement Services (SES) 3.x
Software: Avaya Application Enablement Services 3.x
Avaya Application Enablement Services 4.x
Avaya Communication Manager 3.x
Avaya Communication Manager 5.x
Avaya Modular Messaging 4.x
Avaya SIP Enablement Services (SES) 4.x
Description:
Avaya has acknowledged a vulnerability in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service).
Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.
Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-402.htm
Other References:
SA31566:
http://secunia.com/advisories/31566/
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: XOOPS hisa_cart Module 1.x
Description:
Some vulnerabilities have been reported in the hisa_cart module for XOOPS, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerabilities are caused due to unspecified errors. No more information is currently available.
The vulnerabilities are reported in versions prior to 1.29.
Solution:
Update to version 1.29.
Provided and/or discovered by:
JVN
Original Advisory:
http://jvn.jp/jp/JVN67334580/index.html
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Security Bypass
Cross Site Scripting
Manipulation of data
Where: From remote
Solution Status: Vendor Patch
Software: WebGUI 7.x
Description:
Two vulnerabilities have been reported in WebGUI, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.
1) Input passed to unspecified parameters in operation pages is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) A vulnerability is caused due to improper access restriction in the email based password recovery. This can be exploited to reset any user's password by supplying the victim's username and an e-mail address belonging to the attacker and not to the victim.
The vulnerabilities are reported in version 7.5.25. Prior versions may also be affected.
Solution:
Update to version 7.5.26.
Provided and/or discovered by:
1) Reported by the vendor.
2) Graham
Original Advisory:
http://www.webgui.org/getwebgui/advisories/webgui-7.5.26-stable-released
2) http://www.webgui.org/bugs/tracker/8790
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Unpatched
OS: Avaya Message Networking 2.x
Avaya Modular Messaging 2.x
Avaya Modular Messaging 3.x
Avaya SIP Enablement Services (SES) 3.x
Software: Avaya Application Enablement Services 3.x
Avaya Communication Manager 3.x
Avaya Communication Manager 4.x
Avaya Communication Manager 5.x
Avaya Modular Messaging 4.x
Description:
Avaya has acknowledged some vulnerabilities in various Avaya products, which can be exploited by malicious users and malicious people to cause a DoS (Denial of Service).
Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.
Avaya Voice Portal:
Upgrade to version 4.1 or later.
Original Advisory:
http://support.avaya.com/elmodocs2/security/ASA-2008-403.htm
Other References:
SA31450:
http://secunia.com/advisories/31450/
SA31478:
http://secunia.com/advisories/31478/
Release Date: 2008-10-17
Critical:
Less critical
Impact: Exposure of sensitive information
Privilege escalation
Where: Local system
Solution Status: Vendor Patch
OS: rPath Linux 1.x
Description:
rPath has issued an update for postfix. This fixes some security issues, which can be exploited by malicious, local users to disclose potentially sensitive information and perform certain actions with escalated privileges.
Solution:
Update to:
postfix=conary.rpath.com@rpl:1/2.2.7-2.2-1
Original Advisory:
rPSA-2008-0294:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0294
Other References:
SA31485:
http://secunia.com/advisories/31485/
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Vendor Patch
OS: rPath Linux 1.x
Description:
rPath has issued an update for rails. This fixes some vulnerabilities, which can be exploited by malicious people to conduct SQL injection attacks.
Solution:
Update to "rails=conary.rpath.com@rpl:1/1.2.5-2.3-1".
Original Advisory:
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0295
Other References:
SA31875:
http://secunia.com/advisories/31875/
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Unknown
Where: From remote
Solution Status: Vendor Patch
Software: Slaytanic Scripts Content Plus 2.x
Description:
Some vulnerabilities with an unknown impact have been reported in Slaytanic Scripts Content Plus.
The vulnerabilities are caused due to an unspecified error. No further information is currently available.
The vulnerabilities are reported in version 2.1.1. Other versions may also be affected.
Solution:
Update to version 2.2.0:
Provided and/or discovered by:
Reported by vendor.
Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=632842
Release Date: 2008-10-17
Critical:
Moderately critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Software: WEB//NEWS 1.x
Description:
David Vieira-Kurz has discovered a vulnerability in WEB//NEWS, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "catid" parameter when performing a search is not properly sanitised before being used in an SQL query in parse/module_search.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerability is confirmed in version 1.4. Other versions may also be affected.
Solution:
Edit the source code to ensure that input is properly sanitised.
Provided and/or discovered by:
David Vieira-Kurz, HACKATTACK