Ad: Manage updates with the Download App
ie8 fix
Click Here

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - July 09, 2012

by: Carol~ July 9, 2012 5:46 AM PDT

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - July 09, 2012

by Carol~ Moderator - 7/9/12 5:46 AM

VLC Media Player OGG Demuxer Buffer Overflow Vulnerability

Release Date : 2012-07-09

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: VLC Media Player 2.x

Description:
A vulnerability has been reported in VLC Media Player, which can be exploited by malicious people to compromise a user's system.

The vulnerability is due to a boundary error in the "Ogg_DecodePacket()" function (modules/demux/ogg.c) when processing OGG container files. This can be exploited to cause a heap-based buffer overflow via a specially crafted OGG file.

Successful exploitation may allow execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is reported in versions prior to 2.0.2.

Solution:
Update to version 2.0.2.

Provided and/or discovered by:
The vendor credits an anonymous person via SecuriTeam Secure Disclosure (SSD).

Original Advisory:
http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e

http://secunia.com/advisories/49835/


Reply
Report offensive post
Email to friend

Hitachi IT Operations Analyzer Hash Collision Denial

by Carol~ Moderator - 7/9/12 5:48 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Hitachi IT Operations Analyzer Hash Collision Denial of Service Vulnerability

Release Date : 2012-07-09

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: Hitachi IT Operations Analyzer

Description:
Hitachi has acknowledged a vulnerability in Hitachi IT Operations Analyzer, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is reported in versions 1.0.1-01, 1.0.2 through 1.0.2-01, 1.1.0 through 1.1.0-01, 1.2.0 through 1.2.0-02, 2.0.0 through 2.0.0-01, 2.0.1, 2.5.0 through 2.5.0-01, 2.5.1, 02-51-01, 2.5.3 through 2.5.3-02, 3.0.0 through 3.0.0-02, and 3.0.1 through 3.0.1-03.

Solution:
Update to a fixed version. Please see the vendor's advisory for more details.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Hitachi:
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-019/index.html

http://secunia.com/advisories/49829/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MGB Multiple Cross-Site Scripting and SQL Injection

by Carol~ Moderator - 7/9/12 5:49 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

MGB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

Release Date : 2012-07-09

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: MGB 0.6.x.x

Description:
Stefan Schurtz has discovered multiple vulnerabilities in MGB, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "p" parameter to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input passed via the "name", "city", "email", "icq", "aim", "msn", "hp", and "message" parameters to newentry.php is not properly sanitised in the "template()" function in includes/functions.inc.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input passed via the "id" parameter to admin/admin.php (when "action" is set to "delete") is not properly sanitised in admin/delete.inc.php before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation of this vulnerability requires the "Delete post" permission.

The vulnerabilities are confirmed in version 0.6.9.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Stefan Schurtz.

Original Advisory:
SSCHADV2012-017:
http://www.darksecurity.de/index.php?/219-SSCHADV2012-017-MGB-OpenSource-Guestbook-0.6.9.1-Multiple-security-vulnerabilities.html

http://secunia.com/advisories/49804/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

eZ Publish eZOE Flash Player Cross-Site Request Forgery

by Carol~ Moderator - 7/9/12 8:06 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

eZ Publish eZOE Flash Player Cross-Site Request Forgery Vulnerability

Release Date : 2012-07-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: eZ Publish 4.x

Description:
A vulnerability has been reported in eZ Publish, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

The vulnerability is reported in versions 4.1, 4.2, 4.3, 4.4, 4.5, and 4.6.

Solution:
Update to the latest version, or delete the vulnerable SWF file:

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://share.ez.no/community-project/security-advisories/ezsa-2012-009-ezoe-flash-player-csrf-security-issues

http://secunia.com/advisories/49812/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Artiss Code Embed Plugin "suffix" Cross-Site

by Carol~ Moderator - 7/9/12 8:06 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

WordPress Artiss Code Embed Plugin "suffix" Cross-Site Scripting Vulnerability

Release Date : 2012-07-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Artiss Code Embed Plugin 2.x

Description:
A vulnerability has been reported in the Artiss Code Embed plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "suffix" parameter to wp-admin/admin.php (when "page" is set to "ace-search") is not properly sanitised in wp-content/plugins/simple-embed-code/includes/ace-search.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 2.0.2.

Solution:
Update to version 2.0.2.

Provided and/or discovered by:
Matt Fuller via Mozilla bug report

Original Advisory:
Artiss Code Embed:
http://wordpress.org/extend/plugins/simple-embed-code/changelog/
http://plugins.trac.wordpress.org/browser/simple-embed-code/trunk/includes/ace-search.php?rev=524767
http://plugins.trac.wordpress.org/browser/simple-embed-code/trunk/includes/ace-search.php?rev=568287

http://secunia.com/advisories/49848/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for pidgin

by Carol~ Moderator - 7/9/12 8:06 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Release Date : 2012-07-09

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for pidgin. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2509-1:
http://www.debian.org/security/2012/dsa-2509

http://secunia.com/advisories/49777/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM WebSphere Portal Dojo Module Directory Traversal

by Carol~ Moderator - 7/9/12 9:09 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

IBM WebSphere Portal Dojo Module Directory Traversal Vulnerability

Release Date : 2012-07-09

Criticality level : Moderately critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: IBM WebSphere Portal 7.x
IBM WebSphere Portal 8.x

Description:
A vulnerability has been reported in IBM WebSphere Portal, which can be exploited by malicious people to disclose potentially sensitive information.

Certain input passed via the URL to the Dojo module is not properly verified before being used. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.

The vulnerability is reported in versions 7.0.0.1 and 7.0.0.2 before CF14, and 8.0.

Solution:
Apply APAR PM64172.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
https://www.ibm.com/support/docview.wss?uid=swg21598363

X-Force:
http://xforce.iss.net/xforce/xfdb/75584

http://secunia.com/advisories/49855/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Mono "ProcessRequest()" Cross-Site Scripting Vulnerability

by Carol~ Moderator - 7/9/12 9:10 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Release Date : 2012-07-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Workaround

Software: Mono 2.x

Description:
A vulnerability has been reported in Mono, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the query string is not properly sanitised in the "ProcessRequest()" function (mcs/class/System.Web/System.Web/HttpForbiddenHandler.cs) before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 2.6.7. Prior versions may also be affected.

Solution:
Fixed in the GIT repository.

Provided and/or discovered by:
Reported by Marcus Meissner in a bug ticket.

Original Advisory:
Mono:
https://bugzilla.novell.com/show_bug.cgi?id=7697999
https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2

http://secunia.com/advisories/49838/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Avaya Products PostgreSQL Brute Force Weakness

by Carol~ Moderator - 7/9/12 9:58 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Release Date : 2012-07-09

Criticality level : Not critical
Impact : Brute force
Where : From remote
Solution Status : Unpatched

Software: Avaya Application Enablement Services 5.x
Avaya Application Enablement Services 6.x
Avaya Aura Presence Services 6.x
Avaya Aura Session Manager 1.x
Avaya Aura Session Manager 5.x
Avaya Aura Session Manager 6.x
Avaya Aura System Manager 5.x
Avaya Aura System Manager 6.x
Avaya Experience Portal 6.x
Avaya Meeting Exchange 5.x
Avaya Voice Portal 5.x

Description:
Avaya has acknowledged a weakness in Avaya Products, which can be exploited by malicious people to conduct brute force attacks.

The weakness is reported in the following products:
* Avaya Application Enablement Services versions 5.x and 6.x.
* Avaya Aura Presence Services versions 6.0.x.
* Avaya Aura Session Manager versions 1.1, 5.x, and 6.x.
* Avaya Aura System Manager versions 5.x and 6.x.
* Avaya Experience Portal versions 6.0.x.
* Avaya Meeting Exchange versions 5.x.
* Avaya Voice Portal versions 5.x.

Solution:
The vendor recommends that local and network access to the affected systems be restricted until an update is available.

Original Advisory:
https://downloads.avaya.com/css/P8/documents/100164390

http://secunia.com/advisories/49852/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Apache Sling @CopyFrom Denial of Service Vulnerability

by Carol~ Moderator - 7/9/12 10:00 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Release Date : 2012-07-09

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Software: Apache Sling 2.x

Description:
A vulnerability has been reported in Apache Sling, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an input verification error when handling the @CopyFrom operation in the Sling POST servlet. This can be exploited to cause an infinite loop and subsequently exhaust memory and storage resources via a specially crafted HTTP request.

The vulnerability is reported in versions 2.1.0 and prior.

Solution:
Update to version 2.1.2. Additionally fixed within the SVN repository.

Provided and/or discovered by:
The vendor credits IO Active.

Original Advisory:
Apache:
http://mail-archives.apache.org/mod_mbox/www-announce/201207.mbox/%3CCAEWfVJ=PwoQmwJg0KmbrC17Gw51kgfKRsqgy=4RpMQsdGh0bVg@mail.gmail.com%3E
https://issues.apache.org/jira/browse/SLING-2517
http://svn.apache.org/viewvc?view=revision&revision=1352865

http://secunia.com/advisories/49840/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Leaflet Maps Marker Plugin Multiple

by Carol~ Moderator - 7/9/12 10:02 AM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

WordPress Leaflet Maps Marker Plugin Multiple Vulnerabilities

Release Date : 2012-07-09

Criticality level : Less critical
Impact : Cross Site Scripting
Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Leaflet Maps Marker Plugin 2.x

Description:
Multiple vulnerabilities have been reported in Leaflet Maps Marker, which can be exploited by malicious users to conduct SQL injection and script insertion attacks and by malicious people to conduct cross-site scripting attacks.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Certain unspecified input is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.

3) Certain unspecified input passed is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are reported in versions prior to 2.4.

Solution:
Update to version 2.4.

Provided and/or discovered by:
The vendor credits the computing centre of the city of Vienna.

Original Advisory:
Leaflet Maps Marker:
http://www.mapsmarker.com/2012/06/06/leaflet-maps-marker-v2-4-is-available/
http://plugins.trac.wordpress.org/changeset/551499/leaflet-maps-marker

http://secunia.com/advisories/49845/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Flip Book Plugin Arbitrary File Upload

by Carol~ Moderator - 7/9/12 12:04 PM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

WordPress Flip Book Plugin Arbitrary File Upload Vulnerability

Release Date : 2012-07-09

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: WordPress Flip Book Plugin 1.x

Description:
Sammy Forgit has reported a vulnerability in the Flip Book plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the wp-content/plugins/flipbook/php.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability is reported in version 1.0. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Sammy Forgit, OpenSysCom.

Original Advisory:
http://www.opensyscom.fr/Actualites/wordpress-plugins-flip-book-arbitrary-file-upload-vulnerability.html

http://secunia.com/advisories/49687/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WebsitePanel "ReturnUrl" Redirection Weakness

by Carol~ Moderator - 7/9/12 12:04 PM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Release Date : 2012-07-09

Criticality level : Not critical
Impact : Spoofing
Where : From remote
Solution Status : Unpatched

Software: WebsitePanel 1.x

Description:
A weakness has been reported in WebsitePanel, which can be exploited by malicious people to conduct spoofing attacks.

Input passed via the "ReturnUrl" parameter to Default.aspx (when "pid" is set to "Login") is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

The weakness is reported in version 1.2.0. Other versions may also be affected.

Solution:
Reportedly fixed in version 1.2.2.1 beta.

Provided and/or discovered by:
Anastasios Monachos in a bug ticket.

Original Advisory:
http://websitepanel.codeplex.com/workitem/224

http://secunia.com/advisories/49813/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

KingHistorian Memory Corruption Vulnerability

by Carol~ Moderator - 7/9/12 2:36 PM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Release Date : 2012-07-09

Criticality level : Moderately critical
Impact : System access
Where : From local networok
Solution Status : Vendor Patch

Software: KingHistorian 3.x

Description:
A vulnerability has been reported in KingHistorian, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an invalid pointer write error, which can be exploited to corrupt memory via a specially crafted packet sent to port 5678.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in version 3.0.

Solution:
Install patch.

Provided and/or discovered by:
ICS-CERT credits Dillon Beresford.

Original Advisory:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf

http://secunia.com/advisories/49765/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Netsweeper Cross-Site Scripting and Request Forgery

by Carol~ Moderator - 7/9/12 2:36 PM

In Reply to: VULNERABILITIES / FIXES - July 09, 2012 by Carol~ Moderator

Netsweeper Cross-Site Scripting and Request Forgery Vulnerabilities

Release Date : 2012-07-09

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Netsweeper 3.x

Description:
Two vulnerabilities have been reported in Netsweeper, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.

1) Input passed via the "group" parameter to webadmin/tools/local_lookup.php (when "action" is set to "lookup") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. add an administrator by tricking a logged in administrator into visiting a malicious web site.

Solution:
No official solution is currently available.

Provided and/or discovered by:
US-CERT credits Jacob Holcomb, Leland Public Schools.

Original Advisory:
VU#763795:
http://www.kb.cert.org/vuls/id/763795

http://secunia.com/advisories/49801/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close