Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - May 15, 2012

by: Carol~ May 15, 2012 10:18 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - May 15, 2012

by Carol~ Moderator - 5/15/12 10:18 AM

socat "xioscan_readline()" Buffer Overflow Vulnerability

Release Date : 2012-05-15

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: socat 1.x

Description:
A vulnerability has been reported in socat, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the "xioscan_readline()" function (xio-readline.c) when parsing data via the READLINE address and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 1.7.2.1.

Solution:
Update to version 1.7.2.1.

Provided and/or discovered by:
The vendor credits Johan Thillemann.

Original Advisory:
http://www.dest-unreach.org/socat/contrib/socat-secadv3.html

http://secunia.com/advisories/49105/


Reply
Report offensive post
Email to friend

TagLib MP4 File Parsing Division By Zero Denial of Service

by Carol~ Moderator - 5/15/12 10:24 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

TagLib MP4 File Parsing Division By Zero Denial of Service Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: TagLib 1.x

Description:
A vulnerability has been reported in TagLib, which can be exploited by malicious people to cause a DoS (Denial of Service) of the application using the library.

The vulnerability is caused due to a division by zero error within the parsing of MP4 files can be exploited to cause a crash.

The vulnerability is reported in versions prior to 1.7.2.

Solution:
Update to version 1.7.2.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://mail.kde.org/pipermail/taglib-devel/2012-April/002244.html

http://secunia.com/advisories/49159/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for mariadb

by Carol~ Moderator - 5/15/12 10:24 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: openSUSE 11.4

Description:
SUSE has issued an update for mariadb. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information and manipulate certain data, by malicious users to gain knowledge of sensitive information, manipulate certain data, and cause a DoS (Denial of Service), and by malicious people to cause a DoS.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0619-1:
https://hermes.opensuse.org/messages/14566510

http://secunia.com/advisories/49174/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for chromium and v8

by Carol~ Moderator - 5/15/12 10:24 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Highly critical
Impact : Unknown
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.1

Description:
SUSE has issued an update for chromium and v8. This fixes multiple vulnerabilities, where some have an unknown impact and others can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0613-1:
https://hermes.opensuse.org/messages/14565591

http://secunia.com/advisories/49175/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for kernel

by Carol~ Moderator - 5/15/12 10:24 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: SUSE Linux Enterprise Server (SLES) 11

Software: SUSE Linux Enterprise 11 High Availability Extension

Description:
SUSE has issued an update for the kernel. This fixes multiple vulnerabilities, which can be exploited by malicious, local users and malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
SUSE-SU-2012:0616-1:
https://hermes.opensuse.org/messages/14566472

http://secunia.com/advisories/49178/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for mysql-cluster

by Carol~ Moderator - 5/15/12 10:24 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Privilege escalation
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for mysql-cluster. This fixes multiple vulnerabilities, which can be exploited by malicious users to gain escalated privileges and cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0617-1:
https://hermes.opensuse.org/messages/14566470

http://secunia.com/advisories/49179/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for mysql-community-server

by Carol~ Moderator - 5/15/12 10:24 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: openSUSE 11.4

Description:
SUSE has issued an update for mysql-community-server. This fixes multiple vulnerabilities, which can be exploited by malicious, local users to gain knowledge of sensitive information and manipulate certain data, by malicious users to gain knowledge of sensitive information, manipulate certain data, and cause a DoS (Denial of Service), and by malicious people to cause a DoS.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2012:0618-1:
https://hermes.opensuse.org/messages/14566469

http://secunia.com/advisories/49180/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress 2 Click Social Media Buttons Two Cross-Site

by Carol~ Moderator - 5/15/12 10:29 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress 2 Click Social Media Buttons Two Cross-Site Scripting Vulnerabilities

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress 2 Click Social Media Buttons Plugin 0.x

Description:
Two vulnerabilities have been discovered in the 2 Click Social Media Buttons plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "pinterest-url" parameter in wp-content/plugins/2-click-socialmedia-buttons/libs/pinterest.php (when "pinterest-description" is set) and "xing-url" in wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 0.32.2. Other versions may also be affected.

Solution:
Update to version 0.35.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112711/WordPress-2-Click-Social-Media-Buttons-0.32.2-Cross-Site-Scripting.html

http://secunia.com/advisories/49181/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Gentoo update for chromium

by Carol~ Moderator - 5/15/12 10:29 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Gentoo Linux

Description:
Gentoo has issued an update for chromium. This fixes multiple vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Solution:
Update to "www-client/chromium-18.0.1025.168" or later.

Original Advisory:
GLSA 201205-01:
http://www.gentoo.org/security/en/glsa/glsa-201205-01.xml

http://secunia.com/advisories/49075/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress CodeStyling Localization Plugin "name" Cross-Site

by Carol~ Moderator - 5/15/12 10:29 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress CodeStyling Localization Plugin "name" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress CodeStyling Localization 1.x

Description:
A vulnerability has been discovered in the CodeStyling Localization plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "name" parameter to wp-admin/admin-ajax.php is not properly sanitised in wp-content/plugins/codestyling-localization/codestyling-localization.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.99.17. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen.

Original Advisory:
http://packetstormsecurity.org/files/112709/WordPress-CodeStyling-Localization-1.99.16-Cross-Site-Scripting.html

http://secunia.com/advisories/49037/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress CataBlog Plugin "category" Cross-Site Scripting

by Carol~ Moderator - 5/15/12 10:29 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress CataBlog Plugin "category" Cross-Site Scripting Vulnerabilities

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress CataBlog Plugin 1.x

Description:
Two vulnerabilities have been discovered in the CataBlog plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "catageory" parameter in wp-admin/admin.php (when "page" is set to "catablog-gallery" or "catablog") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 1.6.2. Prior versions may also be affected.

Solution:
Update to version 1.6.3.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112710/WordPress-CataBlog-1.6-Cross-Site-Scripting.html

http://secunia.com/advisories/49088/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

eLearning Server "nid" SQL Injection Vulnerability

by Carol~ Moderator - 5/15/12 10:29 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: eLearning Server

Description:
A vulnerability has been reported in eLearning Server, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "nid" parameter to news.php4 is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Solution:
Filter malicious characters and character sequences using a proxy.

Provided and/or discovered by:
Eugene Salov and Andrey Komarov.

Original Advisory:
www.exploit-db.com/exploits/18858/

http://secunia.com/advisories/49126/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Dynamic Widgets Plugin "id" Cross-Site Scripting

by Carol~ Moderator - 5/15/12 10:30 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress Dynamic Widgets Plugin "id" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Dynamic Widgets Plugin 1.x

Description:
A vulnerability has been discovered in the Dynamic Widgets plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "id" parameter to wp-admin/themes.php (when "page" is set to "dynwid-config" and "action" is set to "edit") is not properly sanitised in wp-content/plugins/dynamic-widgets/dynwid_admin_edit.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.5.1. Prior versions may also be affected.

Solution:
Update to version 1.5.2.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen.

Original Advisory:
http://packetstormsecurity.org/files/112706/WordPress-Dynamic-Widgets-1.5.1-Cross-Site-Scripting.html

http://secunia.com/advisories/49135/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Adobe Photoshop CS5 Collada File Processing Buffer Overflow

by Carol~ Moderator - 5/15/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Adobe Photoshop CS5 Collada File Processing Buffer Overflow Vulnerability

Release Date : 2012-05-15

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Adobe Photoshop CS5 12.x

Description:
Andrea Micalizzi has discovered a vulnerability in Adobe Photoshop CS5, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the U3D.8BI plug-in when processing certain Collada file elements. This can be exploited to cause a stack-based buffer overflow via a specially crafted DAE file.

Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is confirmed in version CS5 12.1 (20110328.r.145). Other versions may also be affected.

Solution:
Upgrade to Adobe Photoshop CS6.

Provided and/or discovered by:
Andrea Micalizzi (rgod)

Original Advisory:
http://retrogod.altervista.org/9sg_photoshock_adv.htm

http://secunia.com/advisories/49160/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP Easy Gallery Plugin Cross-Site Scripting

by Carol~ Moderator - 5/15/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress WP Easy Gallery Plugin Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress WP Easy Gallery Plugin 1.x

Description:
A vulnerability has been discovered in the WP Easy Gallery plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "select_gallery" or "galleryId" parameter to wp-admin/admin.php (when "page" is set to "edit-gallery") is not properly sanitised in wp-content/plugins/wp-easy-gallery/admin/edit-gallery.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.8. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen.

Original Advisory:
http://packetstormsecurity.org/files/112687/WordPress-WP-Easy-Gallery-1.7-Cross-Site-Scripting.html

http://secunia.com/advisories/49190/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

eZ Publish eZ Style Editor Extension Content Removal

by Carol~ Moderator - 5/15/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

eZ Publish eZ Style Editor Extension Content Removal Security Bypass Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: eZ Publish eZ Style Editor Extension 1.x

Description:
A vulnerability has been reported in the eZ Style Editor extension for eZ Publish, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error related to removing an image and can be exploited to remove an arbitrary object by using a valid node ID.

The vulnerability is reported in versions 1.0, 1.1, 1.2, 1.3, and 1.4.

Solution:
Apply update.

Provided and/or discovered by:
The vendor credits Yann Michard, Oppida.

Original Advisory:
http://share.ez.no/community-project/security-advisories/ezsa-2012-004-content-removal-access-check-issue-in-ezstyleeditor-extension

http://secunia.com/advisories/47229/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

eZ Publish eZ Online Editor Extension Meta Information

by Carol~ Moderator - 5/15/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

eZ Publish eZ Online Editor Extension Meta Information Disclosure Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: eZ Publish 4.x

Description:
A vulnerability has been reported in eZ Publish, which can be exploited by malicious users to disclose potentially sensitive information.

The vulnerability is caused due to an error related to browsing for content objects, tagging, reading, and editing within the eZ Online Editor extension and can be exploited to disclose meta information about content nodes.

Successful exploitation requires access rights to the eZ Online Editor functionality.

The vulnerability is reported in eZ Online Editor extension versions 5.0, 5.1, 5.2, 5.3, and 5.4.

Solution:
Apply update.

Provided and/or discovered by:
The vendor credits Yann Michard, Oppida.

Original Advisory:
http://share.ez.no/community-project/security-advisories/ezsa-2012-002-information-disclosure-issue-in-ezoe-extension

http://secunia.com/advisories/49031/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

eZ Publish ezoption Datatype Cross-Site Scripting

by Carol~ Moderator - 5/15/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

eZ Publish ezoption Datatype Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: eZ Publish 4.x

Description:
A vulnerability has been reported in eZ Publish, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the ezoption datatype is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions 4.0, 4.1 4.2, 4.3, 4.4, 4.5, and 4.6.

Solution:
Apply update.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://share.ez.no/community-project/security-advisories/ezsa-2011-02-cross-site-scripting-xss-issue-in-the-ezoption-datatype

http://secunia.com/advisories/49044/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

eZ Publish eZ Flow Extension Security Bypass Vulnerability

by Carol~ Moderator - 5/15/12 10:35 AM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: eZ Publish 4.x

Description:
A vulnerability has been reported in eZ Publish, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to an error within the handling of block items in the eZ Flow extension and can be exploited to e.g. read protected content or change the order of blocks.

Successful exploitation requires access to the eZ Flow functionality.

The vulnerability is reported in eZ Flow extension versions 2.0, 2.1, 2.2, 2.3, and 2.4.

Solution:
Apply update.

Provided and/or discovered by:
The vendor credits Yann Michard, Oppida.

Original Advisory:
http://share.ez.no/community-project/security-advisories/ezsa-2012-005-block-handling-access-check-issue-in-ezflow-extension

http://secunia.com/advisories/49082/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

eZ Publish eZ Star Rating Extension Attribute ID Cross-Site

by Carol~ Moderator - 5/15/12 12:29 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

eZ Publish eZ Star Rating Extension Attribute ID Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: eZ Publish 4.x

Description:
A vulnerability has been reported in eZ Publish, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the ID of an attribute to the eZ Star Rating extension is not properly sanitised within the ezsrServerFunctions::rate() function before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in eZ Star Rating versions 1.0, 1.1, 1.2, and 1.3.

Solution:
Apply update.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
eZ Publish:
http://share.ez.no/community-project/security-advisories/ezsa-2011-03-cross-site-scripting-xss-issue-in-the-ezstarrating-extension

http://secunia.com/advisories/49083/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP Forum Server Two Cross-Site Scripting

by Carol~ Moderator - 5/15/12 12:29 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress WP Forum Server Two Cross-Site Scripting Vulnerabilities

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress WP Forum Server Plugin 1.x

Description:
Two vulnerabilities have been discovered in the WP Forum Server plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "groupid" parameter in wp-admin/admin.php (when "page" is set to "forum-server/fs-admin/fs-admin.php", "vasthtml_action" is set to "structure", and "do" is set to "editgroup") and "usergroup_id" in wp-admin/admin.php (when "page" is set to "forum-server/fs-admin/fs-admin.php", "vasthtml_action" is set to "usergroups", and "do" is set to "edit_usergroup") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in version 1.7.3 and confirmed in version 1.6.9. Other versions may also be affected.

Solution:
Update to version 1.7.4.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html

http://secunia.com/advisories/49155/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP Forum Server "groupid" Cross-Site Scripting

by Carol~ Moderator - 5/15/12 12:29 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress WP Forum Server "groupid" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress WP Forum Server Plugin 1.x

Description:
A vulnerability has been discovered in the WP Forum Server plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "groupid" parameter in wp-admin/admin.php (when "page" is set to "forum-server/fs-admin/fs-admin.php", "vasthtml_action" is set to "structure", and "do" is set to "addforum") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.7.4. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112703/WordPress-WP-Forum-Server-1.7.3-SQL-Injection-Cross-Site-Scripting.html

http://secunia.com/advisories/49167/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress PDF & Print Button Joliprint Plugin "opt" Cross

by Carol~ Moderator - 5/15/12 12:29 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress PDF & Print Button Joliprint Plugin "opt" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress PDF & Print Button Joliprint Plugin 1.x

Description:
A vulnerability has been discovered in the PDF & Print Button Joliprint plugin for WordPress, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "opt" parameter in wp-admin/options-general.php (when "page" is set to "joliprint/joliprint_admin_options.php") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.3.0. Prior versions may also be affected.

Solution:
Update to version 1.3.1.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112700/WordPress-PDF-And-Print-Button-Joliprint-1.3.0-Cross-Site-Scripting.html

http://secunia.com/advisories/49165/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Media Library Categories Plugin "q" Cross-Site

by Carol~ Moderator - 5/15/12 12:29 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress Media Library Categories Plugin "q" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Media Library Categories 1.x (plugin for WordPress)

Description:
A vulnerability has been discovered in the Media Library Categories plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "q" parameter in wp-admin/upload.php (when "page" is set to "media-library-categories/view.php") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 1.1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112697/WordPress-Media-Categories-1.1.1-Cross-Site-Scripting.html

http://secunia.com/advisories/49170/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Distinct Intranet Servers TFTP Server Directory Traversal

by Carol~ Moderator - 5/15/12 12:29 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

Distinct Intranet Servers TFTP Server Directory Traversal Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Manipulation of data
Exposure of sensitive information
Where : From local network
Solution Status : Vendor Patch

Software: Distinct Intranet Servers 3.x

Description:
Spentera Research has discovered a vulnerability in Distinct Intranet Servers, which can be exploited by malicious people to disclose system information and compromise a vulnerable system.

The vulnerability is caused due to an input validation error when processing GET and PUT requests and can be exploited to download or manipulate files in arbitrary locations outside the TFTP root via directory traversal sequences.

The vulnerability is confirmed in version 3.10. Prior versions may also be affected.

Solution:
Update to version 3.11.

Provided and/or discovered by:
Tom Gregory, Spentera Research

Original Advisory:
http://www.spentera.com/advisories/2012/SPN-01-2012.pdf

http://secunia.com/advisories/49151/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Newsletter Manager Plugin Cross-Site Scripting

by Carol~ Moderator - 5/15/12 12:30 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress Newsletter Manager Plugin Cross-Site Scripting and Request Forgery Vulnerabilities

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress Newsletter Manager Plugin 1.x

Description:
Two vulnerabilities have been discovered in the Newsletter Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.

1) Input passed via the "id" parameter to wp-admin/admin.php (when "page" is set to "newsletter-manager-emailcampaigns") is not properly sanitised in wp-content/plugins/newsletter-manager/admin/test_mail.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change an email address and conduct script insertion attacks by tricking a logged in administrator into visiting a malicious web site.

The vulnerabilities are confirmed in version 1.0.2. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised. Do not browse untrusted websites or follow untrusted links while logged in to the application.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen.

Original Advisory:
http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-Cross-Site-Scripting.html

http://secunia.com/advisories/49152/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress SoundCloud Is Gold Plugin "width" Cross-Site

by Carol~ Moderator - 5/15/12 12:33 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress SoundCloud Is Gold Plugin "width" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress SoundCloud Is Gold Plugin 2.x

Description:
A vulnerability has been discovered in the SoundCloud Is Gold plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "width" POST parameter in wp-admin/admin-ajax.php (when "action" is set to "soundcloud_is_gold_player_preview" and "request" is set to "1") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112689/WordPress-Soundcloud-Is-Gold-2.1-Cross-Site-Scripting.html

http://secunia.com/advisories/49188/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Newsletter Manager Plugin "xyz_em_campName"

by Carol~ Moderator - 5/15/12 12:33 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress Newsletter Manager Plugin "xyz_em_campName" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Newsletter Manager Plugin 1.x

Description:
A vulnerability has been discovered in the Newsletter Manager plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "xyz_em_campName" parameter to wp-admin/admin.php (when "page" is set to "newsletter-manager-emailcampaigns" or "newsletter-manager-createcampaign") is not properly sanitised in wp-content/plugins/newsletter-manager/admin/edit_campaign.php and wp-content/plugins/newsletter-manager/admin/create_campaign.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 1.0. Other versions may also be affected.

Solution:
Update to version 1.0.2.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen.

Original Advisory:
http://packetstormsecurity.org/files/112694/WordPress-Newsletter-Manager-1.0-Cross-Site-Scripting.html

http://secunia.com/advisories/49183/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Network Publisher Plugin "networkpub_key"

by Carol~ Moderator - 5/15/12 12:33 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress Network Publisher Plugin "networkpub_key" Cross-Site Scripting Vulnerability

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Network Publisher Plugin 5.x

Description:
A vulnerability has been discovered in the Network Publisher plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "networkpub_key" POST parameter in wp-admin/plugins.php (when "page" is set to "networkpub") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 5.0.1. Other versions may also be affected.

Solution:
Update to version 5.2.

Provided and/or discovered by:
Heine Pedersen and Torben Jensen

Original Advisory:
http://packetstormsecurity.org/files/112695/WordPress-Network-Publisher-5.0.1-Cross-Site-Scripting.html

http://secunia.com/advisories/49182/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Mingle Forum Plugin Multiple Cross-Site Scripting

by Carol~ Moderator - 5/15/12 12:57 PM

In Reply to: VULNERABILITIES / FIXES - May 15, 2012 by Carol~ Moderator

WordPress Mingle Forum Plugin Multiple Cross-Site Scripting Vulnerabilities

Release Date : 2012-05-15

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Mingle Forum Plugin 1.x

Description:
Multiple vulnerabilities have been discovered in the Mingle Forum plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed to the "groupid" parameter in wp-admin/admin.php (when "page" is set to "mfstructure", "mingeforum_action" is set to "structure", and "do" is set to "editgroup") and "usergroup_id" parameter in wp-admin/admin.php (when "page" is set to "mfgroups", "mingeforum_action" is set to "usergroups", and "do" is set to "edit_usergroup") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed to the "forumid" parameter in wp-admin/admin.php (when "page" is set to "mfstructure", "mingeforum_action" is set to "structure", and "do" is set to "editforum") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 1.0.33. Other versions may also be affected.

Solution:
Update to version 1.0.33.2.

Provided and/or discovered by:
1) Heine Pedersen and Torben Jensen
2) Reported by the vendor

Original Advisory:
Mingle Forum:
http://wordpress.org/extend/plugins/mingle-forum/changelog/

Heine Pedersen and Torben Jensen:
http://packetstormsecurity.org/files/112696/WordPress-Mingle-Forum-1.0.33-Cross-Site-Scripting.html

http://secunia.com/advisories/49171/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close