Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - December 14, 2012

by: Carol~ December 14, 2012 8:55 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - December 14, 2012

by Carol~ Moderator - 12/14/12 8:55 AM

WordPress Portable phpMyAdmin Plugin Security Bypass Security Issue

Release Date : 2012-12-14

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Portable phpMyAdmin Plugin 1.x

Description:
A security issue has been reported in the Portable phpMyAdmin plugin for WordPress, which can be exploited by malicious people to bypass certain security restrictions.

The security issue is caused due to the application not verifying permissions and can be exploited to access the phpMyAdmin interface.

The security issue is reported in versions prior to 1.3.1.

Solution:
Update to version 1.3.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Portable phpMyAdmin:
http://wordpress.org/extend/plugins/portable-phpmyadmin/changelog/

http://secunia.com/advisories/51520/


Reply
Report offensive post
Email to friend

HP-UX update for Java

by Carol~ Moderator - 12/14/12 9:01 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

Release Date : 2012-12-14

Criticality level : Highly critical
Impact : Manipulation of data
Exposure of sensitive information
DoS
System access
Where: From remote
Solution Status : Vendor Patch

Operating System : HP-UX 11.x

Description:
HP has issued an update for Java in HP-UX. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and potentially compromise a vulnerable system

The vulnerabilities are reported in the versions B.11.23 and B.11.31 running HP JDK and JRE versions 7.0.03, 6.0.16, and 5.0.26 and prior.

Solution:
Update to version 7.0.04, 6.0.17, or 5.0.27.

Original Advisory:
HPSBUX02832 SSRT101042:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03595351

http://secunia.com/advisories/51599/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MyBB Facebook profile link on Postbit Plugin Script

by Carol~ Moderator - 12/14/12 9:02 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

MyBB Facebook profile link on Postbit Plugin Script Insertion Vulnerability

Release Date : 2012-12-14

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Facebook profile link on Postbit 2.x (plugin for MyBB)

Description:
A vulnerability has been discovered in the Facebook profile link on Postbit plugin for MyBB, which can be exploited by malicious people to conduct script insertion attacks.

Input passed via the Facebook id/nickname field when editing profile details is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerability is confirmed in version 2.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
limb0

Original Advisory:
limb0:
http://www.exploit-db.com/exploits/23355/

http://secunia.com/advisories/51554/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MyBB MyYoutube Plugin SQL Injection Vulnerability

by Carol~ Moderator - 12/14/12 9:02 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

Release Date : 2012-12-14

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: MyYoutube 1.x (plugin for MyBB)

Description:
A vulnerability has been discovered in the MyYoutube plugin for MyBB, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the youtube video id field when editing profile is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 1.0. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Zixem

Original Advisory:
Zixem:
http://www.exploit-db.com/exploits/23353/

http://secunia.com/advisories/51567/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MyBB DyMy User Agent Plugin "User-Agent" SQL Injection

by Carol~ Moderator - 12/14/12 9:02 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

MyBB DyMy User Agent Plugin "User-Agent" SQL Injection Vulnerability

Release Date : 2012-12-14

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: DyMy User Agent 0.x (plugin for MyBB)

Description:
A vulnerability has been discovered in the DyMy User Agent plugin for MyBB, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "User-Agent" HTTP header when e.g. posting a new reply is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerability is confirmed in version 0.1.3. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
JoinSe7en

Original Advisory:
JoinSe7en:
http://www.exploit-db.com/exploits/23359/

http://secunia.com/advisories/51565/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Huawei E585 Management Interface Multiple Vulnerabilities

by Carol~ Moderator - 12/14/12 9:02 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

Release Date: 2012-12-14

Criticality level : Less critical
Impact : Security Bypass
Exposure of sensitive information
DoS
Where : From local network
Solution Status : Vendor Patch

Operating System : Huawei E585

Description:
Multiple vulnerabilities have been reported in Huawei E585, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, and cause a DoS (Denial of Service).

1) An error within the web management interface when validating the status of a logged in session can be exploited to bypass the authentication process.

2) An error within the web management interface when processing certain web requests can be exploited to access arbitrary files via directory traversal sequences.

3) A NULL pointer dereference error within the web management interface when processing certain web requests can be exploited to cause a crash.

Solution:
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198239.htm
http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-198240.htm

http://secunia.com/advisories/51596/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VMware View Connection/Security Server Directory Traversal

by Carol~ Moderator - 12/14/12 10:11 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

VMware View Connection/Security Server Directory Traversal Vulnerability

Release Date: 2012-12-14

Criticality level : Moderately critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: VMware View 4.x
VMware View 5.x

Description:
A vulnerability has been reported in VMware View, which can be exploited by malicious people to disclose sensitive information.

The vulnerability is caused due to an error within the View Connection Server and View Security Server and can be exploited to disclose arbitrary files via directory traversal attacks.

The vulnerability is reported in versions prior to 5.1.2 and 4.6.2.

Solution:
Update to version 5.1.2 or 4.6.2.

Provided and/or discovered by:
The vendor credits Digital Defense, Inc. Vulnerability Research Team.

Original Advisory:
http://www.vmware.com/security/advisories/VMSA-2012-0017.html

http://secunia.com/advisories/51597/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco Wireless Lan Controller Cross-Site Request Forgery

by Carol~ Moderator - 12/14/12 10:11 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

Cisco Wireless Lan Controller Cross-Site Request Forgery Vulnerability

Release Date: 2012-12-14

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Cisco Wireless LAN Controller (WLC) 7.x

Description:
A vulnerability has been reported in Cisco Wireless Lan Controller, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. create an arbitrary user with administrative privileges if a logged-in administrative user visits a malicious web site.

The vulnerability is reported in versions 5.x, 6.x, and 7.0 through 7.4.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Jacob Holcomb (Gimppy042)

Original Advisory:
http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html

http://secunia.com/advisories/51546/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Welcart e-Commerce Plugin Cross-Site Scripting

by Carol~ Moderator - 12/14/12 10:13 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

WordPress Welcart e-Commerce Plugin Cross-Site Scripting and Request Forgery Vulnerabilities

Release Date: 2012-12-14

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress Welcart e-Commerce Plugin 1.x

Description:
Multiple vulnerabilities have been reported in the Welcart e-Commerce plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain unspecified actions if a logged-in administrative user visits a malicious web site.

The vulnerabilities are reported in versions 1.2.1 and prior.

Solution:
Update to version 1.2.2.

Provided and/or discovered by:
Yoshinori Matsumoto, Kobe Digital Lab via JVN.

Original Advisory:
Welcart (Japanese):
http://www.welcart.com/community/archives/4524

JVN:
http://jvn.jp/en/jp/JVN18731696/index.html
http://jvn.jp/en/jp/JVN53269985/index.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000108.html
http://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000109.html

http://secunia.com/advisories/51581/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Tivoli Storage Manager FastBack IEHS Cross-Site

by Carol~ Moderator - 12/14/12 10:14 AM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

IBM Tivoli Storage Manager FastBack IEHS Cross-Site Scripting Vulnerability

Release Date: 2012-12-14

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: IBM Tivoli Storage Manager FastBack 6.x

Description:IBM has acknowledged a vulnerability in IBM Tivoli Storage Manager FastBack, which can be exploited by malicious people to conduct cross-site scripting attacks.

The application bundles a vulnerable version of Eclipse Help System.

The vulnerability is reported in versions 6.1.0.0 through 6.3.0.3.

Solution:
Update to version 6.3.1.0.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21620352

http://secunia.com/advisories/51590/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Rational ClearCase OpenSSL TLS Integer Underflow Denial

by Carol~ Moderator - 12/14/12 12:04 PM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

IBM Rational ClearCase OpenSSL TLS Integer Underflow Denial of Service Vulnerability

Release Date: 2012-12-14

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Software: IBM Rational ClearCase 7.x
IBM Rational ClearCase 8.x

Description:
IBM has acknowledged a vulnerability in IBM Rational ClearCase, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a bundled vulnerable version of OpenSSL.

The vulnerability is reported in versions prior to 8.0.0.5 and 7.1.2.9.

Solution:
Update to version 8.0.0.5 or 7.1.2.9.

Original Advisory:
http://www.ibm.com/support/docview.wss?uid=swg21620340

http://secunia.com/advisories/51595/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Lotus Notes Web Application Cross-Site Scripting

by Carol~ Moderator - 12/14/12 12:04 PM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

IBM Lotus Notes Web Application Cross-Site Scripting Vulnerability

Release Date: 2012-12-14

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: IBM Lotus Notes 8.x

Description:
A vulnerability has been reported in IBM Lotus Notes, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain input is not properly sanitised when accessing some web applications. This can be exploited to execute arbitrary HTML and script code in a user's session in context of an affected site.

The vulnerability is reported in version 8.5.3 Fix Pack 2 and prior.

Solution:
Apply Interim Fix 3 (853FP2SHF199).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21620361
http://www.ibm.com/support/docview.wss?uid=swg21619604

http://secunia.com/advisories/51593/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Rational ClearQuest Web Client Cross-Site Scripting

by Carol~ Moderator - 12/14/12 12:05 PM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

IBM Rational ClearQuest Web Client Cross-Site Scripting Vulnerability

Release Date: 2012-12-14

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: IBM Rational ClearQuest 7.x
IBM Rational ClearQuest 8.x

Description:
A vulnerability has been reported in IBM Rational ClearQuest, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input passed to the OSLC interface system in the ClearQuest Web (CQ Web) client is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site.

The vulnerability is reported in versions prior to 7.1.2.9 and 8.0.0.5.

Solution:
Update to version 7.1.2.9 or 8.0.0.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (PM72905):
http://www.ibm.com/support/docview.wss?uid=swg21620342

http://secunia.com/advisories/51598/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Quest InTrust ActiveX Controls Multiple Vulnerabilities

by Carol~ Moderator - 12/14/12 12:10 PM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

Release Date: 2012-03-30
Last Update : 2012-12-14

Criticality level : Highly critical
Impact : Manipulation of data
System access
Where : From remote
Solution Status : Unpatched

Software: Quest ARDoc ActiveX Control 7.x
Quest InTrust 10.x
Software FX Annotation Objects Extension ActiveX Control (AnnotateX.dll) 1.x

Description:
Andrea Micalizzi has discovered multiple vulnerabilities in Quest InTrust, which can be exploited by malicious people to manipulate certain data and compromise a user's system.

1) An insecure method in the ARDoc ActiveX Control (ARDoc.dll) can be exploited to overwrite arbitrary files with the contents of exported documents via a call to the "SaveToFile()" method with a specially crafted "bstrFileName" argument.

2) An input validation error in the Annotation Objects Extension ActiveX Control (AnnotateX.dll) can be exploited to call an arbitrary memory location via a call to the "Add()" method with a specially crafted "obj" argument.

Successful exploitation of this vulnerability allows execution of arbitrary code.

The vulnerabilities are confirmed in version 10.4.0.853. Other versions may also be affected.

Solution:
Set the kill-bit for the ActiveX controls.

Provided and/or discovered by:
Andrea Micalizzi (rgod)

Original Advisory:
http://retrogod.altervista.org/9sg_quest_ii.htm
http://retrogod.altervista.org/9sg_quest_adv.htm

http://secunia.com/advisories/48566


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SnackAmp Music Player File Processing Buffer Overflow

by Carol~ Moderator - 12/14/12 12:14 PM

In Reply to: VULNERABILITIES / FIXES - December 14, 2012 by Carol~ Moderator

SnackAmp Music Player File Processing Buffer Overflow Vulnerabilities

Release Date: 2010-08-30
Last Update : 2012-12-14

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: SnackAmp Music Player 3.x

Description:
Two vulnerabilities have been discovered in SnackAmp Music Player, which can be exploited by malicious people to compromise a user's system.

1) A boundary error when parsing SMP files can be exploited to cause a stack-based buffer overflow via a specially crafted file.

2) A boundary error when parsing WAV and AIFF files can be exploited to cause a heap-based buffer overflow via a specially crafted file.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

The vulnerabilities are confirmed in versions 3.1.2 and 3.1.3. Other versions may also be affected.

Solution:
Do not open untrusted files.

Provided and/or discovered by:
James Fitts

Original Advisory:
http://www.exploit-db.com/exploits/14831/
http://www.exploit-db.com/exploits/14832/
http://www.exploit-db.com/exploits/18692/

http://secunia.com/advisories/41144


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close