Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - January 02, 2013

by: Carol~ January 2, 2013 8:10 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - January 02, 2013

by Carol~ Moderator - 1/2/13 8:10 AM

ircd-ratbox Server Capability Negotiation Denial of Service Vulnerability

Release Date: 2013-01-02

Criticality level : Moderately critical
Impact: DoS
Where : From remote
Solution Status : Vendor Patch

Software: ircd-ratbox 3.x

Description:
A vulnerability has been reported in ircd-ratbox, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling server capability negotiation and can be exploited to crash the service.

The vulnerability is reported in versions prior to 3.0.8.

Solution:
Update to version 3.0.8.

Provided and/or discovered by:
The vendor credits Fudge.

Original Advisory:
http://svn.ratbox.org/svnroot/ircd-ratbox/branches/RATBOX_3_0/RELNOTES
http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt

http://secunia.com/advisories/51694/


Reply
Report offensive post
Email to friend

Charybdis Server Capability Negotiation Denial of Service

by Carol~ Moderator - 1/2/13 8:14 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Charybdis Server Capability Negotiation Denial of Service Vulnerability

Release Date: 2013-01-02

Criticality level : Moderately critical
Impact: DoS
Where : From remote
Solution Status : Vendor Patch

Software: Charybdis 3.x

Description:
A vulnerability has been reported in Charybdis, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is reported in versions prior to 3.4.2.

Solution:
Update to version 3.4.2.

Original Advisory:
http://rabbit.dereferenced.org/~nenolod/ASA-2012-12-31.txt
https://github.com/atheme/charybdis/blob/charybdis-3.4.2/NEWS

http://secunia.com/advisories/51677/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

ShadowIRCd Server Capability Negotiation Denial of Service

by Carol~ Moderator - 1/2/13 8:14 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

ShadowIRCd Server Capability Negotiation Denial of Service Vulnerability

Release Date: 2013-01-02

Criticality level : Moderately critical
Impact: DoS
Where : From remote
Solution Status : Vendor Patch

Software: ShadowIRCd 6.x

Description:
A vulnerability has been reported in ShadowIRCd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is reported in versions prior to 6.3.3.

Solution:
Update to version 6.3.3.

Original Advisory:
https://github.com/shadowircd/shadowircd/blob/2b9892978e6562e82ace550a742b0795d7ea7b67/NEWS

http://secunia.com/advisories/51716/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

VLC Media Player SWF Video Decoding Use-After-Free

by Carol~ Moderator - 1/2/13 8:14 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

VLC Media Player SWF Video Decoding Use-After-Free Vulnerability

Release Date: 2012-12-12
Last Update : 2013-01-02

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: VLC Media Player 2.x

Description:
Kaveh Ghaemmaghami has discovered a vulnerability in VLC Media Player, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to a use-after-free error when releasing a picture object during video decoding of Flash (SWF) files. This can be exploited to reference an object's callback function pointer from already freed memory.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 2.0.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Kaveh Ghaemmaghami

Additional information provided by Secunia Research.

Original Advisory:
Kaveh Ghaemmaghami:
http://seclists.org/fulldisclosure/2012/Dec/96

http://secunia.com/advisories/51464


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Uploader Plugin Two Vulnerabilities

by Carol~ Moderator - 1/2/13 8:15 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date: 2011-01-25
Last Update : 2013-01-02

Criticality level : Highly critical
Impact : Cross Site Scripting
System access
Where : From remote
Solution Status : Partial Fix

Software: WordPress Uploader Plugin 1.x

Description:
Two vulnerabilities have been discovered in the Uploader plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

1) Input passed via the "num" parameter to wp-content/plugins/uploader/views/notify.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

This vulnerability is confirmed in version 1.0.0. Other versions may also be affected.

2) The wp-content/plugins/uploader/uploadify/uploadify.php script allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.

This vulnerability is confirmed in version 1.0.4. Other versions may also be affected.

Solution:
No official solution is currently available. Update to version 1.0.4, which fixes vulnerability #1.

Provided and/or discovered by:
AutoSec Tools

Original Advisory:
WordPress Uploader Plugin:
http://wordpress.org/extend/plugins/uploader/changelog/

AutoSec Tools:
http://www.autosectools.com/Advisories/WordPress.Uploader.1.0.0_Reflected.Cross-site.Scripting_77.html
http://www.autosectools.com/Advisories/WordPress.Uploader.1.0.0_Arbitrary.Upload_78.html

http://secunia.com/advisories/43075


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

OneCMS Multiple Vulnerabilities

by Carol~ Moderator - 1/2/13 8:16 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date: 2012-09-22
Last Update : 2013-01-02

Criticality level : Highly critical
Impact : Security Bypass
Manipulation of data
System access
Where : From remote
Solution Status : Unpatched

Software: OneCMS 2.x

Description:
Some vulnerabilities have been discovered in OneCMS, which can be exploited by malicious people to bypass certain security restrictions, conduct SQL injection attacks, and compromise a vulnerable system.

1) Input passed via the "rank" parameter to boards.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2) Input passed via the "username" POST parameter to admin.php (when "load" is set to "login" and "login" is set to "yes") is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

3) Some vulnerabilities are caused due to a bundled version of TimThumb.

The vulnerabilities are confirmed in version 2.6.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
1) kurdish hackers team
2) Sammy Forgit, OpenSysCom

Original Advisory:
Sammy Forgit:
http://www.opensyscom.fr/Actualites/onecms-sql-injection-vulnerability.html
http://www.opensyscom.fr/Actualites/onecms-timthumb-vulnerability.html

http://secunia.com/advisories/46138


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP Photo Album Plus Plugin "wppa-searchstring"

by Carol~ Moderator - 1/2/13 9:01 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

WordPress WP Photo Album Plus Plugin "wppa-searchstring" Cross-Site Scripting Vulnerability

Release Date: 2013-01-02

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WordPress WP Photo Album Plus Plugin 4.x

Description:
Keith Makan has discovered a vulnerability in the WP Photo Album Plus plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed to the "wppa-searchstring" POST parameter in index.php (when "page_id" is set to the id of the page contains an album) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the "Search Photos" widget is enabled.

The vulnerability is confirmed in version 4.8.12. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Keith Makan.

Original Advisory:
Keith Makan:
http://k3170makan.blogspot.dk/2012/12/wp-photoplus-xss-csrf-vuln.html

http://secunia.com/advisories/51669/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Shopping Cart Plugin Multiple SQL Injection

by Carol~ Moderator - 1/2/13 9:01 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

WordPress Shopping Cart Plugin Multiple SQL Injection Vulnerabilities

Release Date : 2013-01-02

Criticality level : Highly critical
Impact : Manipulation of data
Where : From remote
Solution Status : Unpatched

Software: WordPress Shopping Cart 8.x (plugin for WordPress)

Description:
Sammy Forgit has discovered multiple vulnerabilities in the WordPress Shopping Cart plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed via the "reqID" parameter to wp-content/plugins/levelfourstorefront/scripts/administration/backup.php, wp-content/plugins/levelfourstorefront/scripts/administration/dbuploaderscript.php, wp-content/plugins/levelfourstorefront/scripts/administration/exportaccounts.php, and wp-content/plugins/levelfourstorefront/scripts/administration/exportsubscribers.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The vulnerabilities are confirmed in version 8.1.14. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Sammy Forgit, Opensyscom

Original Advisory:
http://www.opensyscom.fr/Actualites/wordpress-plugins-wordpress-shopping-cart-multiple-vulnerability.html

http://secunia.com/advisories/51690/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Xerte Online Plugin Arbitrary File Upload

by Carol~ Moderator - 1/2/13 9:02 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

WordPress Xerte Online Plugin Arbitrary File Upload Vulnerability

Release Date : 2013-01-02

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: Xerte Online 0.x (plugin for WordPress)

Description:
Sammy Forgit has discovered a vulnerability in the Xerte Online plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the wp-content/plugins/xerte-online/xertefiles/save.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability has been confirmed in version 0.32. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Sammy Forgit, Opensyscom

Original Advisory:
http://www.opensyscom.fr/Actualites/wordpress-plugins-xerte-online-arbitrary-file-upload-vulnerability.html

http://secunia.com/advisories/51691/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress ReFlex Gallery Plugin Arbitrary File Upload

by Carol~ Moderator - 1/2/13 9:03 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

WordPress ReFlex Gallery Plugin Arbitrary File Upload Vulnerability

Release Date : 2013-01-02

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Unpatched

Software: ReFlex Gallery 1.x (plugin for WordPress)

Description:
Sammy Forgit has discovered a vulnerability in the ReFlex Gallery plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to the wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php script allowing the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.

The vulnerability has been confirmed in version 1.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Sammy Forgit, Opensyscom

Original Advisory:
http://www.opensyscom.fr/Actualites/wordpress-plugins-uploader-arbitrary-file-upload-vulnerability.html

http://secunia.com/advisories/51698/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress WP Photo Album Plus Plugin Unspecified Cross-Site

by Carol~ Moderator - 1/2/13 9:04 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

WordPress WP Photo Album Plus Plugin Unspecified Cross-Site Scripting Vulnerability

Release Date: 2013-01-02

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WordPress WP Photo Album Plus Plugin 4.x

Description:
A vulnerability has been reported in the WP Photo Album Plus plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks.

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is reported in version 4.8.11. Prior versions may also be affected.

Solution:
Update to version 4.8.12.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
WP Photo Album Plus:
http://wordpress.org/extend/plugins/wp-photo-album-plus/changelog/

http://secunia.com/advisories/51679/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for ghostscript

by Carol~ Moderator - 1/2/13 11:22 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for ghostscript. This fixes a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2595-1:
http://www.debian.org/security/2012/dsa-2595

http://secunia.com/advisories/51670/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for virtualbox-ose

by Carol~ Moderator - 1/2/13 11:22 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status: Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for virtualbox-ose. This fixes a vulnerability, which can be exploited by malicious, local users to cause a Denial of Service (DoS).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2594-1:
http://www.debian.org/security/2012/dsa-2594

http://secunia.com/advisories/51671/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM SPSS Modeler XML Document Parsing Vulnerability

by Carol~ Moderator - 1/2/13 11:22 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Less critical
Impact : Exposure of sensitive information
DoS
Where : From remote
Solution Status: Vendor Patch

Software: IBM SPSS Modeler 14.x
IBM SPSS Modeler 15.x

Description:
A vulnerability has been reported in IBM SPSS Modeler, which can be exploited by malicious people to disclose potentially sensitive information and cause a DoS (Denial of Service).

The vulnerability is caused due to an error when handling certain XML documents and can be exploited via a specially crafted document.

The vulnerability is reported in versions 14 through 15.0 running on all supported platforms.

Solution:
Apply Interim Fix (please see the vendor's advisory for details).

Provided and/or discovered by:
The vendor credits Timur Yunusov, Alexey Osipov, and Ilya Karpov, Positive Research Center (Positive Technologies Company).

Original Advisory:
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21620758
http://www.ibm.com/support/docview.wss?uid=swg24034122

http://secunia.com/advisories/51715/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IP.Board Unspecified Vulnerability

by Carol~ Moderator - 1/2/13 11:22 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status: Vendor Patch

Software: IP.Board (Invision Power Board) 3.x

Description:
A vulnerability with an unknown impact has been reported in the IP.Board.

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in versions 3.1.x, 3.2.x, and 3.3.x through 3.4.

Solution:
Apply patch.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://community.invisionpower.com/topic/375885-ipboard-31x-32x-33x-34x-critical-security-update/

http://secunia.com/advisories/51705/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for mediawiki-extensions

by Carol~ Moderator - 1/2/13 11:22 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for mediawiki-extensions. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.

The vulnerability is caused due to improper input validation in the processing of RSS feed. This can be exploited to inject and execute arbitrary HTML and script code in context of the feed by tricking a user into adding and viewing a malicious RSS feed.

Solution:
Apply updated packages via the apt-get package manager.

Provided and/or discovered by:
The vendor credits Thorsten Glaser within a bug report.

Original Advisory:
DSA-2596-1:
http://www.debian.org/security/2012/dsa-2596

http://secunia.com/advisories/51713/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Symfony Double-URL-Encoded Path Security Rule Bypass

by Carol~ Moderator - 1/2/13 11:23 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Symfony Double-URL-Encoded Path Security Rule Bypass Vulnerability

Release Date : 2012-12-31

Criticality level : Moderately critical
Impact : Security Bypass
Where : From remote
Solution Status: Vendor Patch

Software: Symfony 2.x

Description:
A vulnerability has been reported in Symfony, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error when handling URL-encoded paths and can be exploited to bypass a security rule by using double-URL-encoded paths.

The vulnerability is reported in versions 2.0.0 through 2.0.19.

Solution:
Update to version 2.0.20.

Provided and/or discovered by:
The vendor credits Manuele Menozzi.

Original Advisory:
http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

http://secunia.com/advisories/51660/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Symfony _internal Route Arbitrary Controller/Service

by Carol~ Moderator - 1/2/13 11:24 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Symfony _internal Route Arbitrary Controller/Service Execution Vulnerability

Release Date : 2012-12-31

Criticality level : Moderately critical
Impact : Security Bypass
System access
Where : From remote
Solution Status: Vendor Workaround

Software: Symfony 2.x

Description:
A vulnerability has been reported in Symfony, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error when handling _internal routes via the "render" tag and can be exploited to execute arbitrary Controller or Services by using a specially crafted path.

Successful exploitation requires _internal routes to be enabled.

The vulnerability is reported in all 2.0.x and 2.1.x versions.

Solution:
Please see the vendor's advisory for recommended workarounds.

Provided and/or discovered by:
The vendor credits Victor Berchet.

Original Advisory:
http://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released

http://secunia.com/advisories/51662/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

MoinMoin Multiple Vulnerabilities

by Carol~ Moderator - 1/2/13 11:25 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Highly critical
Impact : Cross Site Scripting
Manipulation of data
System access
Where : From remote
Solution Status: Vendor Patch

Software: MoinMoin 1.x

Description:
Multiple vulnerabilities have been reported in MoinMoin, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system and by malicious people to manipulate certain data.

1) Certain input when handling the AttachFile action is not properly verified before being used to write files. This can be exploited to overwrite arbitrary files via directory traversal sequences.

2) The application allows the upload of files with arbitrary extensions to a folder inside the webroot when handling the twikidraw or anywikidraw actions. This can be exploited to execute arbitrary code by uploading a malicious script.

Successful exploitation of this vulnerability requires "write" permission.

3) Input passed via page name in rss link is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

The vulnerabilities are reported in versions prior to 1.9.6.

Solution:
Update to version 1.9.6.

Provided and/or discovered by:
1, 3) Reported by the vendor.
2) Reported as a 0-day.

Original Advisory:
http://moinmo.in/SecurityFixes

http://secunia.com/advisories/51663/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Debian update for moin

by Carol~ Moderator - 1/2/13 11:26 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Moderately critical
Impact : Manipulation of data
System access
Where : From remote
Solution Status: Vendor Patch

Operating System : Debian GNU/Linux 6.0

Description:
Debian has issued an update for moin. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to manipulate certain data.

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2593-1:
http://www.debian.org/security/2012/dsa-2593

http://secunia.com/advisories/51676/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ubuntu update for moin

by Carol~ Moderator - 1/2/13 11:37 AM

In Reply to: VULNERABILITIES / FIXES - January 02, 2013 by Carol~ Moderator

Release Date : 2012-12-31

Criticality level : Moderately critical
Impact : Manipulation of data
System access
Where : From remote
Solution Status: Vendor Patch

Operating System : Ubuntu Linux 10.04
Ubuntu Linux 11.10
Ubuntu Linux 12.04

Description:
Ubuntu has issued an update for moin. This fixes two vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to manipulate certain data.

Solution:
Apply updated packages.

Original Advisory:
USN-1680-1:
http://www.ubuntu.com/usn/usn-1680-1

http://secunia.com/advisories/51696/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close