Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - March 01, 2013

by: Carol~ March 1, 2013 7:07 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - March 01, 2013

by Carol~ Moderator - 3/1/13 7:07 AM

D-Link DIR-645 Information Disclosure Security Issue

Release Date : 2013-03-01

Criticality level : Less critical
Impact : Exposure of sensitive information
Where : From local network
Solution Status : Vendor Patch

Operating System: D-Link DIR-645 1.x

Description:
Roberto Paleari has reported a security issue in D-Link DIR-645, which can be exploited by malicious people to disclose sensitive information.

The security issue is caused due to the application not restricting access to certain scripts, which can be exploited to e.g. disclose administrative credentials.

The security issue is reported in version 1.02. Other versions may also be affected.

Solution:
Reportedly fixed in version 1.03.

Provided and/or discovered by:
Roberto Paleari

Original Advisory:
http://archives.neohapsis.com/archives/bugtraq/2013-02/0151.html

http://secunia.com/advisories/52432/


Reply
Report offensive post
Email to friend

Kingsoft Office Writer 2010 RTF Buffer Overflow

by Carol~ Moderator - 3/1/13 7:12 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Kingsoft Office Writer 2010 RTF Buffer Overflow Vulnerability

Release Date : 2013-03-01

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status: Vendor Patch

Software: Kingsoft Office 2010

Description:
A vulnerability has been reported in Kingsoft Office, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error in Kingsoft Writer, which can be exploited to cause a buffer overflow by tricking a user into opening a specially crafted rich text file (RTF).

Successful exploitation may allow the execution of arbitrary code, but requires tricking a user into opening a malicious file.

The vulnerability is reported in versions prior to 2724.

Solution:
Update to version 2724.

Provided and/or discovered by:
JVN credits Yuji Ukai, Fourteenforty Research Institute, Inc.

Original Advisory:
Kingsoft (Japanese):
http://www.kingsoft.jp/support/office/support_news/writer2010_2723

JVN (English):
http://jvn.jp/en/jp/JVN55924624/index.html
http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000016.html

JVN (Japanese):
http://jvn.jp/jp/JVN55924624/index.html

http://secunia.com/advisories/52409/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Joomla! Virtuemart 2 Multiple Customfields Filter Module

by Carol~ Moderator - 3/1/13 7:12 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Joomla! Virtuemart 2 Multiple Customfields Filter Module Unspecified Vulnerability

Release Date : 2013-03-01

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status : Vendor Patch

Software: Virtuemart 2 Multiple Customfields Filter 1.x (module for Joomla!)

Description:
A vulnerability with an unknown impact has been reported in the Virtuemart 2 Multiple Customfields Filter module for Joomla!

The vulnerability is caused due to an unspecified error. No further information is currently available.

The vulnerability is reported in versions prior to 1.6.8.

Solution:
Update to version 1.6.8.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://myext.eu/en/update/49-v1-68

http://secunia.com/advisories/52383/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Red Hat update for libxml2

by Carol~ Moderator - 3/1/13 7:12 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System :
Red Hat Enterprise Linux Desktop 5
Red Hat Enterprise Linux Desktop 6
Red Hat Enterprise Linux HPC Node 6
Red Hat Enterprise Linux Server 5
Red Hat Enterprise Linux Server 6
Red Hat Enterprise Linux Workstation 6
RHEL Desktop Workstation 5

Description:
Red Hat has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Updated packages are available via Red Hat Network.

Original Advisory:
RHSA-2013:0581-1:
http://rhn.redhat.com/errata/RHSA-2013-0581.html

http://secunia.com/advisories/52438/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Linux Kernel "chase_port()" USB Unplugging Denial of Service

by Carol~ Moderator - 3/1/13 7:12 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Linux Kernel "chase_port()" USB Unplugging Denial of Service Vulnerability

Release Date : 2013-03-01

Criticality level : Not critical
Impact : DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Linux Kernel 3.2.x

Description:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused due to a NULL-pointer dereference error in the "chase_port()" function (drivers/usb/serial/io_ti.c) when handling USB device unplugs. This can be exploited to cause the system to crash by unplugging a USB device while it is in use.

The vulnerability is reported in versions prior to 3.2.38.

Solution:
Update to version 3.2.38.

Provided and/or discovered by:
Disclosed in a GIT commit.

Original Advisory:
http://www.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.38

http://secunia.com/advisories/52343/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for flash-player

by Carol~ Moderator - 3/1/13 7:12 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level: Highly critical
Impact: Security Bypass
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.2

Description:
SUSE has issued an update for flash-player. This fixes multiple vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, disclose certain sensitive information, and compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0362-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00082.html

openSUSE-SU-2013:0364-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00084.html

openSUSE-SU-2013:0359-2:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00086.html

openSUSE-SU-2013:0367-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00090.html

openSUSE-SU-2013:0295-2:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00091.html

openSUSE-SU-2013:0279-2:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00092.html

openSUSE-SU-2013:0368-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00094.html

openSUSE-SU-2013:0370-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00096.html

http://secunia.com/advisories/52444/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for opera

by Carol~ Moderator - 3/1/13 7:13 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level: Highly critical
Impact: Unknown
Spoofing
Privilege escalation
System access
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.2

Description:
SUSE has issued an update for opera. This fixes a security issue and multiple vulnerabilities, where one has an unknown impact and the others can be exploited by malicious, local users to perform certain actions with escalated privileges and by malicious people to conduct spoofing attacks and potentially compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0361-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00081.html

openSUSE-SU-2013:0273-2:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00088.html

openSUSE-SU-2013:0289-2:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00093.html

openSUSE-SU-2013:0372-1:
http://lists.opensuse.org/opensuse-updates/2013-02/msg00098.html

http://secunia.com/advisories/52447/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Java Multiple Vulnerabilities

by Carol~ Moderator - 3/1/13 7:24 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level : Highly critical
Impact: Privilege escalation
DoS
System access
Manipulation of data
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software:
IBM Java 1.4.x
IBM Java 5.x
IBM Java 6.x
IBM Java 7.x

Description:
IBM has acknowledged a weakness and multiple vulnerabilities in IBM Java, which can be exploited by malicious local users to gain escalated privileges and by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Update to a patched version. Please see the vendor's advisory for more details.

Original Advisory:
http://www.ibm.com/developerworks/java/jdk/alerts/

http://secunia.com/advisories/52308/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Poppler Unspecified Vulnerabilities

by Carol~ Moderator - 3/1/13 9:11 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level : Moderately critical
Impact : Unknown
Where : From remote
Solution Status: Vendor Patch

Software: Poppler 0.x

Description:
Some vulnerabilities with an unknown impact have been reported in Poppler.

The vulnerabilities are caused due to some unspecified errors. No further information is currently available.

The vulnerabilities are reported in versions prior to 0.22.1.

Solution:
Update to version 0.22.1.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://poppler.freedesktop.org/
http://seclists.org/oss-sec/2013/q1/479

http://secunia.com/advisories/52357/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco NAC Mac Agent ISE SSL Certificate Verification

by Carol~ Moderator - 3/1/13 9:13 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Cisco NAC Mac Agent ISE SSL Certificate Verification Security Issue

Release Date: 2013-03-01

Criticality level : Less critical
Impact : Spoofing
Where : From local network
Solution Status : Unpatched

Software: Cisco NAC Appliance (formerly Cisco Clean Access (CCA)) 4.x

Description:
A security issue has been reported in Cisco Network Admission Control (NAC), which can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the Cisco Network Admission Control Mac Agent not properly verifying the SSL certificate while connecting to Identity Services Engine (ISE) server. This can be exploited to e.g. spoof the ISE server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

The security issue is reported in version 4.9(0.651). Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1124

http://secunia.com/advisories/52395/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco Wireless LAN Controller mDNS snooping Denial of

by Carol~ Moderator - 3/1/13 9:18 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Cisco Wireless LAN Controller mDNS snooping Denial of Service Vulnerability

Release Date: 2013-03-01

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Workaround

Operating System : Cisco 5500 Series Wireless Controllers

Software: Cisco Wireless LAN Controller (WLC) 7.x

Description:
A vulnerability has been reported in Cisco Wireless Lan Controller, which can be exploited by malicious users to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the mDNS snooping feature when handling mDNS packets, which can be exploited to trigger a reload.

The vulnerability is reported in version 7.4.100.0. Other versions may also be affected.

Solution:
Disable mDNS snooping (contact the vendor for more information).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco (CSCue04153):
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1141
https://www.cisco.com/cisco/psn/bssprt/bss?keywords=CSCue04153&searchType=bstbugidsearch&page=bstBugDetail&BugID=CSCue04153

http://secunia.com/advisories/52398/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cisco Aironet Access Points and Bridges HTTP Profiler

by Carol~ Moderator - 3/1/13 9:24 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Cisco Aironet Access Points and Bridges HTTP Profiler Denial of Service Vulnerability

Release Date: 2013-03-01

Criticality level : Less critical
Impact : DoS
Where : From local network
Solution Status : Vendor Patch

Operating System: Cisco Aironet Access Points and Bridges 7.x

Description:
A vulnerability has been reported in Cisco Aironet Access Points and Bridges, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an incorrect buffer handling by HTTP profiler. This can be exploited to cause a crash by sending specially crafted HTTP requests.

The vulnerability is reported in version 7.3(101.0). Prior versions may also be affected.

Solution:
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6026

http://secunia.com/advisories/52435/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Oracle MySQL Server Denial of Service and Unspecified

by Carol~ Moderator - 3/1/13 9:31 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Oracle MySQL Server Denial of Service and Unspecified Vulnerabilities

Release Date : 2012-04-09
Last Update : 2013-03-01

Criticality level : Less critical
Impact : Unknown
DoS
Where : From local network
Solution Status : Vendor Patch

Software: MySQL 5.x

Description:
Three vulnerabilities have been reported in Oracle MySQL Server, where one has unknown impacts and the other can be exploited by malicious users to cause a DoS (Denial of Service).

1) An error when handling the "HANDLER READ NEXT" command after deleting a record can be exploited to cause a crash.

2) An unspecified error exists in Oracle MySQL Server. No further information is currently available.

These vulnerabilities are reported in versions prior to 5.1.62 and 5.5.22.

3) An error when handling the COM_BINLOG_DUMP command can be exploited to crash the daemon.

This vulnerability is reported in versions 5.5.18 through 5.5.20.

Solution:
Update to version 5.5.22.

Provided and/or discovered by:
1, 2) Reported by the vendor.
3) Kingcope

Original Advisory:
MySQL:
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-62.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-21.html
http://dev.mysql.com/doc/refman/5.5/en/news-5-5-22.html

Kingcope:
http://archives.neohapsis.com/archives/fulldisclosure/2012-12/0008.html

http://secunia.com/advisories/48744


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WebCalendar User Enumeration Weakness

by Carol~ Moderator - 3/1/13 10:16 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level : Not critical
Impact : Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software: WebCalendar 1.x

Description:
A weakness has been discovered in WebCalendar, which can be exploited by malicious people to disclose certain sensitive information.

The weakness is caused due to the application returning different responses depending on validity of provided user name. This can be exploited to enumerate valid user names.

The weakness is confirmed in version 1.2.6. Prior versions may also be affected.

Solution:
Update to version 1.2.7.

Provided and/or discovered by:
Kenneth F. Belva

Original Advisory:
http://securitymaverick.com/vulnerability-cve-2013-1422-webcalendar-1-2-5-1-2-6-valid-user-determination/

http://secunia.com/advisories/52414/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WebCalendar Multiple Cross-Site Scripting Vulnerabilities

by Carol~ Moderator - 3/1/13 10:16 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2010-02-03
Last Update : 2013-03-01

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Vendor Patch

Software: WebCalendar 1.x

Description:
Russ McRee has discovered some vulnerabilities in WebCalendar, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Input passed to the "tab" parameter in users.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Input appended to the URL after day.php, month.php, and week.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 1.2.0. Other versions may also be affected.

Solution:
Update to version 1.2.5.

Provided and/or discovered by:
Russ McRee via Secunia.

WebCalendar:
http://sourceforge.net/mailarchive/forum.php?thread_name=z2u1f9585051004090711qf8e317e5k1b4ac0470131a93a%40mail.gmail.com&forum_name=webcalendar-announce
http://webcalendar.cvs.sourceforge.net/viewvc/webcalendar/webcalendar/ChangeLog?pathrev=REL_1_2

Russ McRee:
http://holisticinfosec.org/content/view/133/45/

http://secunia.com/advisories/38222


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WebCalendar Multiple Vulnerabilities

by Carol~ Moderator - 3/1/13 10:16 AM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2010-04-05
Last Update : 2013-03-01

Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: WebCalendar 1.x

Description:
Multiple vulnerabilities have been discovered in WebCalendar, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and request forgery attacks.

1) Input passed via the "name", "description", and "location" parameters to edit_entry_handler.php is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

2) Input passed via the "color" parameter to colors.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

3) Input appended to the URL after e.g. about.php or year.php is not properly sanitised in includes/init.php before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Input passed via the "form", "fday", "fmonth", and "fyear" parameters to datesel.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

5) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. delete an event, ban an IP address from posting, or change the administrative password if a logged-in administrative user visits a malicious web site.

6) Input passed via the "catname" POST parameter to category_handler.php is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if malicious data is viewed.

The vulnerabilities are confirmed in version 1.2.7. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
1) Matt Jezorek
2) High-Tech Bridge SA
3, 4) Stefan Schurtz
5) Russ McRee
6) Kenneth F. Belva

Original Advisory:
Matt Jezorek:
https://www.upsploit.com/index.php/advisories/view/UPS-2010-0004

High-Tech Bridge SA (HTB22930):
http://www.htbridge.ch/advisory/xss_in_webcalendar.html

SSCHADV2011-008:
http://www.rul3z.de/advisories/SSCHADV2011-008.txt

Russ McRee:
http://holisticinfosec.org/content/view/133/45/

Kenneth F. Belva:
http://securitymaverick.com/vulnerability-cve-2013-1421-webcalendar-1-2-5-1-2-6-category-name-persistent-xss/

http://secunia.com/advisories/44024


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Websense TRITON Unified Security Center Multiple

by Carol~ Moderator - 3/1/13 12:24 PM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Websense TRITON Unified Security Center Multiple Vulnerabilities

Release Date : 2013-03-01

Criticality level : Less critical
Impact : Security Bypass
Cross Site Scripting
Manipulation of data
DoS
Where: From remote
Solution Status : Unpatched

Software: Websense TRITON Unified Security Center 7.x

Description:
Edward Farrell has reported multiple vulnerabilities in Websense TRITON Unified Security Center, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and SQL injection attacks, and cause a DoS (Denial of Service).

1) An error within the session management when accessing certain pages can be exploited to access otherwise restricted pages via specially crafted cookies.

2) The application improperly protects access to two pages, which can be exploited to bypass the authentication for the pages.

3) Certain unspecified input is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

4) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

5) An unspecified error can be exploited to crash the Websense system service.

The vulnerabilities are reported in versions 7.6.0.77, 7.6.0.104, 7.6.2.18, 7.7.0.59, and 7.7.3.11.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Edward Farrell, Detica.

Original Advisory:
http://www.baesystemsdetica.com.au/Research/Advisories/Websense-TRITON-Unified-Security-Center-Multiple-V

http://secunia.com/advisories/52344/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

mnoGoSearch Two Vulnerabilities

by Carol~ Moderator - 3/1/13 12:24 PM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level : Moderately critical
Impact : Cross Site Scripting
Exposure of sensitive information
Where : From remote
Solution Status: Vendor Patch

Software: mnoGoSearch 3.x

Description:
Two vulnerabilities have been reported in mnoGoSearch, which can be exploited by malicious people to disclose certain sensitive information and conduct cross-site scripting attacks.

1) An error when parsing certain QUERY_STRING parameters can be exploited to disclose the contents of arbitrary files.

2) Input passed via e.g. the "STORED" parameter to search/index.html (when "q" is set to "x") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

The vulnerabilities are reported in version 3.3.12. Prior versions may also be affected.

Solution:
Update to version 3.3.13.

Provided and/or discovered by:
Sergey Bobrov, Positive Research Center

Original Advisory:
http://www.mnogosearch.org/doc33/msearch-changelog.html

http://secunia.com/advisories/52401/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

X-Cart Multiple Vulnerabilities

by Carol~ Moderator - 3/1/13 12:26 PM

In Reply to: VULNERABILITIES / FIXES - March 01, 2013 by Carol~ Moderator

Release Date : 2013-03-01

Criticality level : Moderately critical
Impact : Cross Site Scripting
Security Bypass
Where : From remote
Solution Status: Vendor Patch

Software: Qualiteam X-Cart Gold 4.x
Qualiteam X-Cart Pro 4.x

Description:
Multiple vulnerabilities have been reported in X-Cart, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions.

1) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) An unspecified error when handling a certain Smarty tag can be exploited to bypass certain security restrictions and gain application access via a specially crafted Smarty tag.

Successful exploitation requires access to the administration back end.

3) An unspecified error can be exploited by fulfillment staff users to access otherwise restricted functionality.

4) An error when handling a certain type of customer accounts can be exploited to gain access to the administrative back end.

The vulnerabilities are reported in versions prior to 4.5.5.

Solution:
Update to version 4.5.5 or apply security patches (please see the vendor's advisory for details).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
X-Cart:
http://us1.campaign-archive1.com/?u=8f406bcb33564cce3343fee6e&id=a3a0c74b87
http://freecode.com/projects/xcart/releases/352242

http://secunia.com/advisories/52347/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close