Ad: Manage updates with the Download App
ie8 fix

Spyware, viruses, & security forum: VULNERABILITIES / FIXES - March 04, 2013

by: Carol~ March 4, 2013 7:13 AM PST

Like this

0 people like this thread

Staff pick

VULNERABILITIES / FIXES - March 04, 2013

by Carol~ Moderator - 3/4/13 7:13 AM

Oracle Java Unspecified Code Execution Vulnerability

Release Date : 2013-03-02

Criticality level : Extremely critical
Impact : System access
Where : From remote
Solution Status: Unpatched

Software: Oracle Java JDK 1.7.x / 7.x
Oracle Java JRE 1.7.x / 7.x
Sun Java JDK 1.6.x / 6.x
Sun Java JRE 1.6.x / 6.x

Description:
A vulnerability has been reported in Oracle Java, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error. No further information is currently available.

NOTE: This is currently being actively exploited in targeted attacks.

The vulnerability is reported in version 7 update 15 and version 6 update 41. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Reported as a 0-day.

http://secunia.com/advisories/52451/


Reply
Report offensive post
Email to friend

Debian update for xen

by Carol~ Moderator - 3/4/13 7:19 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Not critical
Impact: DoS
Where : Local system
Solution Status : Vendor Patch

Operating System: Debian GNU/Linux 6.0

Description:
Debian has issued an update for xen. This fixes multiple vulnerabilities, which can be exploited by malicious, local users in a guest virtual machine to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the apt-get package manager.

Original Advisory:
DSA-2636-2:
http://www.debian.org/security/2013/dsa-2636

http://secunia.com/advisories/52406/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for rubygem-devise

by Carol~ Moderator - 3/4/13 7:19 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Less critical
Impact : Security Bypass
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.2

Description:
SUSE has issued an update for rubygem-devise. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0374-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00000.html

http://secunia.com/advisories/52453/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for ruby19

by Carol~ Moderator - 3/4/13 7:19 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Less critical
Impact : DoS
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.2

Description:
SUSE has issued an update for ruby19. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0376-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00002.html

http://secunia.com/advisories/52452/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for java-1_7_0-openjdk

by Carol~ Moderator - 3/4/13 7:20 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : Manipulation of data
DoS
System access
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Operating System: openSUSE 12.2

Description:
SUSE has issued an update for java-1_7_0-openjdk. This fixes multiple vulnerabilities, which can be exploited by malicious people to disclose certain sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a vulnerable system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0377-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00003.html

http://secunia.com/advisories/52448/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for java-1_6_0-openjdk

by Carol~ Moderator - 3/4/13 7:20 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : System access
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Operating System :
openSUSE 11.4
openSUSE 12.1

Description:
SUSE has issued an update for java-1_6_0-openjdk. This fixes a weakness and a vulnerability, which can be exploited by malicious people to disclose certain sensitive information and compromise a user's system.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0375-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00001.html

openSUSE-SU-2013:0378-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00004.html

http://secunia.com/advisories/52446/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xerox FreeFlow Print Server Multiple Vulnerabilities

by Carol~ Moderator - 3/4/13 8:08 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : Unknown
Security Bypass
Cross Site Scripting
Spoofing
Exposure of sensitive information
Privilege escalation
DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: Xerox FreeFlow Print Server 8.x

Description:
Xerox has acknowledged multiple vulnerabilities in Xerox FreeFlow Print Server, which can be exploited by malicious, local users to disclose potentially sensitive information, manipulate certain data, cause a DoS (Denial of Service), and gain escalated privileges and by malicious people to conduct cross-site scripting and phishing attacks, disclose potentially sensitive information, manipulate certain data, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.

The vulnerabilities are reported in versions 73.C0.41 and 73.B3.61.

Solution:
Apply updates. Please see the vendor's advisory for more details.

Original Advisory:
XRX13-003:
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf

http://secunia.com/advisories/52429/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Kaspersky Internet Security Kaspersky Anti-Virus NDIS 6

by Carol~ Moderator - 3/4/13 8:08 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Kaspersky Internet Security Kaspersky Anti-Virus NDIS 6 Filter Denial of Service Vulnerability

Release Date : 2013-03-04

Criticality level : Moderately critical
Impact : DoS
Where : From remote
Solution Status : Unpatched

Software: Kaspersky Internet Security 13.x

Description:
Marc Heuse has discovered a vulnerability in Kaspersky Internet Security, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error in the Kaspersky Anti-Virus NDIS 6 Filter component when handling certain IPv6 traffic, which can be exploited to exhaust CPU resources and render the system unusable by sending specially crafted packets.

Successful exploitation requires the system to be accessible via IPv6.

The vulnerability is confirmed in version 13.0.1.4190. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
Marc Heuse

Original Advisory:
http://seclists.org/fulldisclosure/2013/Mar/36

http://secunia.com/advisories/52053/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

SUSE update for git

by Carol~ Moderator - 3/4/13 8:37 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Less critical
Impact: Spoofing
Where : From remote
Solution Status : Vendor Patch

Operating System :
openSUSE 11.4
openSUSE 12.1
openSUSE 12.2

Description:
SUSE has issued an update for git. This fixes a security issue, which can be exploited by malicious people to conduct spoofing attacks.

Solution:
Apply updated packages via the zypper package manager.

Original Advisory:
openSUSE-SU-2013:0380-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00005.html

openSUSE-SU-2013:0382-1:
http://lists.opensuse.org/opensuse-updates/2013-03/msg00007.html

http://secunia.com/advisories/52443/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM WebSphere Commerce Web Services Framework

by Carol~ Moderator - 3/4/13 8:37 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

IBM WebSphere Commerce Web Services Framework Denial of Service Vulnerability

Release Date : 2013-03-04

Criticality level : Less critical
Impact: DoS
Where : From remote
Solution Status : Vendor Patch

Software:
IBM Websphere Commerce 6.x
IBM WebSphere Commerce 7.x

Description:
A vulnerability has been reported in IBM WebSphere Commerce, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error within the web services framework and can be exploited to prevent users from logging on.

The vulnerability is reported in versions 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6.

Solution:
Apply fixes.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (JR44528, JR45471):
http://www.ibm.com/support/docview.wss?uid=swg21618720
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_dos_vulnerability_in_websphere_commerce_related_to_web_services_cve_2012_485511?lang=en_us

http://secunia.com/advisories/52492/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Stunnel OpenSSL and CONNECT Protocol Negotiation NTLM

by Carol~ Moderator - 3/4/13 8:37 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Stunnel OpenSSL and CONNECT Protocol Negotiation NTLM Authentication Vulnerabilities

Release Date : 2013-03-04

Criticality level : Less critical
Impact: DoS
Exposure of sensitive information
System access
Where : From remote
Solution Status : Vendor Patch

Software: Stunnel 4.x

Description:
Some vulnerabilities have been reported in Stunnel, which can be exploited by malicious people to disclose potentially sensitive information, cause a DoS (Denial of Service), and compromise a user's system.

1) The application bundles a vulnerable version of OpenSSL.

2) An error when handling integer conversions within the NTLM authentication mechanism of the CONNECT protocol negotiation can be exploited to cause a buffer overflow.

Successful exploitation of this vulnerability may allow execution of arbitrary code but requires tricking a user into connecting to a malicious proxy server.

NOTE: This vulnerability only affects versions compiled as a 64-bit executable. 32-bit builds are not vulnerable.

This vulnerability is reported in versions 4.21 through 4.54.

Solution:
Update to version 4.55.

Provided and/or discovered by:
The vendor credits Mateusz Kocielski, LogicalTrust

Original Advisory:
Stunnel:
https://www.stunnel.org/CVE-2013-1762.html
https://www.stunnel.org/sdf_ChangeLog.html

http://secunia.com/advisories/52460/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM DB2 Information Center IEHS Multiple Vulnerabilities

by Carol~ Moderator - 3/4/13 8:37 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Less critical
Impact: Cross Site Scripting
Spoofing
Exposure of sensitive information
Where : From remote
Solution Status : Vendor Patch

Software:
IBM DB2 Information Center 10.x
IBM DB2 Information Center 9.x

Description:
A weakness and multiple vulnerabilities have been reported in IBM DB2 Information Center, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting and spoofing attacks.

The application bundles a vulnerable version of Eclipse Help System.

The weakness and vulnerabilities are reported in versions 9.5, 9.7, and 10.1.

Solution:
Apply patch.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM:
https://www.ibm.com/support/docview.wss?uid=swg21612193
https://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_open_redirect_and_cross_site_scripting_vulnerabilities_in_the_locally_installable_ibm_db2_information_center_cve_2012_2159_cve_2012_2161_cve_2013_04677

http://secunia.com/advisories/52489/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Rational Developer for System z Unspecified Command

by Carol~ Moderator - 3/4/13 8:37 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

IBM Rational Developer for System z Unspecified Command Execution Vulnerability

Release Date : 2013-03-04

Criticality level : Moderately critical
Impact : System access
Where : From local network
Solution Status : Vendor Patch

Software: IBM Rational Developer for System z 8.x

Description:
A vulnerability has been reported in IBM Rational Developer for System z, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary commands. No further information is currently available.

The vulnerability is reported in version 8.5.1.

Solution:
Apply PTF UK91676 (APAR PM81945).

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
IBM (UK91676, PM81945):
http://www.ibm.com/support/docview.wss?uid=swg24034401

http://secunia.com/advisories/52500/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

WordPress Uploader Plugin Cross-Site Scripting and Arbitrary

by Carol~ Moderator - 3/4/13 8:38 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

WordPress Uploader Plugin Cross-Site Scripting and Arbitrary File Upload Vulnerabilities

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : Cross Site Scripting
System access
Where : From remote
Solution Status : Unpatched

Software: WordPress Uploader Plugin 1.x

Description:
Two vulnerabilities have been discovered in the Uploader plugin for WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.

1) Input passed via the "blog" GET parameter to wp-content/plugins/uploader/views/notify.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

2) The wp-content/plugins/uploader/uploadify/uploadify.php script allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to upload arbitrary files inside the webroot and e.g. execute arbitrary PHP code.

The vulnerabilities are confirmed in version 1.0.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
1) Dognaedis.
2) AutoSec Tools.

Original Advisory:
DGS-SEC-16:
https://www.dognaedis.com/vulns/DGS-SEC-16.html

AutoSec Tools:
http://www.autosectools.com/Advisories/WordPress.Uploader.1.0.0_Arbitrary.Upload_78.html

http://secunia.com/advisories/52465/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ruby ftpd Gem Shell Command Injection Vulnerability

by Carol~ Moderator - 3/4/13 8:44 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Moderately critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: ftpd gem for Ruby 2.x

Description:
A vulnerability has been reported in the ftpd gem for Ruby, which can be exploited by malicious users to compromise a vulnerable system.

Input passed via a file name is not properly sanitised in the "ls()" function (lib/ftpd/disk_file_system.rb) before being used as a command line argument. This can be exploited to inject and execute arbitrary shell commands.

The vulnerability is reported in version 0.2.1. Prior versions may also be affected.

Solution:
Update to version 0.2.2.

Provided and/or discovered by:
Larry W. Cashdollar

Original Advisory:
http://seclists.org/fulldisclosure/2013/Mar/26

http://secunia.com/advisories/52407/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ruby httparty Gem XML Parameter Parsing Vulnerability

by Carol~ Moderator - 3/4/13 8:44 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: httparty gem for Ruby 2.x

Description:
A vulnerability has been reported in the httparty gem for Ruby, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when parsing XML parameters, which allows symbol and yaml types to be a part of the request and can be exploited to execute arbitrary commands.

The vulnerability is reported in version 0.9.0. Prior versions may also be affected.

Solution:
Update to version 0.10.0 or later.

Original Advisory:
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately

http://secunia.com/advisories/52431/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ruby ruby-openid Gem Denial of Service Vulnerability

by Carol~ Moderator - 3/4/13 8:44 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Moderately critical
Impact : Dos
Where : From remote
Solution Status : Vendor Patch

Software: ruby-openid gem for Ruby 1.x

Description:
A vulnerability has been reported in the ruby-openid gem for Ruby, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error when parsing XML entities, which can be exploited to consume large amounts of memory and cause a crash or hang via a specially crafted XML containing malicious attributes.

The vulnerability is reported in version 2.2.1. Prior versions may also be affected.

Solution:
Update to version 2.2.2 or later.

Provided and/or discovered by:
Reginaldo Silva (ubercomp)

Original Advisory:
https://github.com/openid/ruby-openid/pull/43

http://secunia.com/advisories/52434/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ruby extlib Gem XML Parameter Parsing Vulnerability

by Carol~ Moderator - 3/4/13 8:44 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: extlib gem for Ruby 2.x

Description:
A vulnerability has been reported in the extlib gem for Ruby, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when parsing XML parameters, which allows symbol and yaml types to be a part of the request and can be exploited to execute arbitrary commands.

The vulnerability is reported in version 0.9.15. Prior versions may also be affected.

Solution:
Update to version 0.9.16.

Original Advisory:
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately

http://secunia.com/advisories/52440/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Ruby crack Gem XML Parameter Parsing Vulnerability

by Carol~ Moderator - 3/4/13 9:31 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : System access
Where : From remote
Solution Status : Vendor Patch

Software: crack gem for Ruby 2.x

Description:
A vulnerability has been reported in the crack gem for Ruby, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error when parsing XML parameters, which allows symbol and yaml types to be a part of the request and can be exploited to execute arbitrary commands.

The vulnerability is reported in version 0.3.1. Prior versions may also be affected.

Solution:
Update to version 0.3.2.

Original Advisory:
https://support.cloud.engineyard.com/entries/22915701-january-14-2013-security-vulnerabilities-httparty-extlib-crack-nori-update-these-gems-immediately

http://secunia.com/advisories/52455/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Cerb Email Attachment Script Insertion Vulnerability

by Carol~ Moderator - 3/4/13 9:31 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Moderately critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch

Software: Cerb 6.x

Description:
A vulnerability has been reported in Cerb, which can be exploited by malicious people to conduct script insertion attacks.

Certain input related to HTML email attachments is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site if the malicious data is viewed.

The vulnerability is reported in versions prior to 6.2.5.

Solution:
Update to version 6.2.5.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://wiki.cerbweb.com/6.2#6.2.5

http://secunia.com/advisories/52458/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

FFmpeg Multiple Vulnerabilities

by Carol~ Moderator - 3/4/13 9:31 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Highly critical
Impact : DoS
System access
Where : From remote
Solution Status : Vendor Patch

Software: FFmpeg 1.x

Description:
Multiple vulnerabilities have been reported in FFmpeg, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

1) An error within the "ff_h264_decode_seq_parameter_set()" function (libavcodec/h264_ps.c) when decoding certain parameter set can be exploited to cause an out of array access violation.

2) An error within the "attribute_align_arg avcodec_decode_audio4()" function (libavcodec/utils.c) can be exploited to cause an out of array access violation.

3) An error within the "swr_init()" function (libswresample/swresample.c) can be exploited to cause an out of array access violation.

4) An error within the "read_header()" function (libavcodec/shorten.c) can be exploited to free invalid addresses.

5) An error within the "doubles2str()" and "shorts2str()" functions (libavcodec/tiff.c) can be exploited to cause an out of array access violation.

6) An error within the "ff_add_png_paeth_prediction()" function (libavcodec/pngdec.c) can be exploited to cause an out of array access violation.

7) An integer overflow error within the "old_codec37()" function (libavcodec/sanm.c) can be exploited to corrupt memory.

8) An error within the "old_codec37()" function (libavcodec/sanm.c) can be exploited to cause an out of array access violation.

9) An error within the "advance_line()" function (libavcodec/targa.c) can be exploited to cause an out of array access violation.

The vulnerabilities are reported in versions prior to 1.1.3.

Solution:
Update to version 1.1.3.

Provided and/or discovered by:
The vendor credits Mateusz "j00ru" Jurczyk and Gynvael Coldwind.

Original Advisory:
http://ffmpeg.org/security.html

http://secunia.com/advisories/52459/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

IBM Cognos Business Intelligence Multiple Vulnerabilities

by Carol~ Moderator - 3/4/13 9:31 AM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Moderately critical
Impact : Cross Site Scripting
Exposure of sensitive information
DoS
System access
Where : From remote
Solution Status: Vendor Patch

Software:
IBM Cognos 8 Business Intelligence
IBM Cognos Business Intelligence 10.x

Description:
Multiple vulnerabilities have been reported in IBM Cognos Business Intelligence, which can be exploited by malicious users to disclose certain sensitive information and conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks, disclose certain sensitive information, cause a DoS (Denial of Service), and compromise a vulnerable system.

1) The application bundles a vulnerable version of libpng.

2) The application bundles a vulnerable version of Tomcat.

3) The application bundles a vulnerable version of Java.

4) Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

5) Certain unspecified input is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed.

6) Certain unspecified input is not properly sanitised before being used in a XPath query. This can be exploited to disclose arbitrary XML documents.

7) Certain unspecified input is not properly sanitised before being used in a XPath query. This can be exploited to call registered XPath extension functions and disclose certain data.

8) An input validation error when handling serialized Java input can be exploited to inject and execute arbitrary commands.

The vulnerabilities are reported in versions 8.4.1, 10.1, 10.1.1, and 10.2.

Solution:
Apply interim fixes. Please see the vendor's advisory for more information.

Provided and/or discovered by:
4 - 8) Reported by the vendor.

Original Advisory:
http://www.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_multiple_vulnerabilities_in_ibm_cognos_bi_8_4_1_10_1_10_1_1_and_10_2_cve_2011_3026_cve_2011_4858_cve_2012_0498_cve_2012_2177_cve_2012_2193_cve_2012_4835_cve_2012_4836_cve_2012_4837_cve_2012_4840_cve_2012_4858_cve_2012_508118?lang=en_us
http://www.ibm.com/support/docview.wss?uid=swg21626697
http://www.ibm.com/support/docview.wss?uid=swg24034373

http://secunia.com/advisories/52491/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Question2Answer Cross-Site Request Forgery Vulnerability

by Carol~ Moderator - 3/4/13 12:49 PM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: Question2Answer 1.x

Description:
MustLive has discovered a vulnerability in Question2Answer, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to e.g. modify user's email address when a logged-in user visits a specially crafted web page.

The vulnerability is confirmed in version 1.5.4. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
MustLive

Original Advisory:
MustLive:
http://packetstormsecurity.com/files/120610/Question2Answer-1.5.3-CSRF-Brute-Force.html
http://websecurity.com.ua/6192/

http://secunia.com/advisories/52400/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

doorGets CMS Cross-Site Request Forgery Vulnerability

by Carol~ Moderator - 3/4/13 12:49 PM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Release Date : 2013-03-04

Criticality level : Less critical
Impact: Cross Site Scripting
Where : From remote
Solution Status : Unpatched

Software: doorGets CMS 4.x

Description:
A vulnerability has been discovered in doorGets CMS, which can be exploited by malicious people to conduct cross-site request forgery attacks.

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. change the site configuration if a logged-in administrative user visits a malicious web site.

The vulnerability is confirmed in version 4.1. Other versions may also be affected.

Solution:
No official solution is currently available.

Provided and/or discovered by:
n0pe

Original Advisory:
n0pe:
http://www.exploit-db.com/exploits/24560/

http://secunia.com/advisories/52477/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xerox Multiple Devices Multiple Protocols Unauthorised

by Carol~ Moderator - 3/4/13 12:51 PM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Xerox Multiple Devices Multiple Protocols Unauthorised Access Security Issues

Release Date : 2013-03-04

Criticality level : Less critical
Impact: Security Bypass
Where: From local network
Solution Status : Vendor Patch

Operating System :
Xerox ColorQube 9200 Series
Xerox ColorQube 9300 Series
Xerox WorkCentre
Xerox WorkCentre Pro

Description:
Some security issues have been reported in multiple Xerox devices, which can be exploited by malicious people to bypass certain security restrictions.

The security issues are caused due to device improperly restricting access via certain protocols, which can be exploited to gain unauthorised access to a device.

Please see the vendor's advisory for a list of affected devices and versions.

Solution:
Apply patch.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.xerox.com/download/security/security-bulletin/1b480-4c596f3916140/cert_XRX12-005_v1.031.pdf

http://secunia.com/advisories/52496/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xerox WorkCentre Web Server ByteRange Filter Denial

by Carol~ Moderator - 3/4/13 3:52 PM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Xerox WorkCentre Web Server ByteRange Filter Denial of Service Vulnerability

Release Date : 2013-03-04

Criticalitly: Less critical
Impact: DoS
Where: From local network
Solution Status : Vendor Patch

Operating System: Xerox WorkCentre

Description:
Xerox has acknowledged a vulnerability in Xerox WorkCentre, which can be exploited by malicious people to cause a DoS (Denial of Service).

Please see the vendor's advisory for a list of affected products.

Solution:
Apply patch.

Original Advisory:
http://www.xerox.com/download/security/security-bulletin/1024c-4c596fb328140/cert_XRX12-004_v1.011.pdf

http://secunia.com/advisories/52378/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Xerox Phaser 7800 Multiple Protocols Unauthorised Access

by Carol~ Moderator - 3/4/13 3:52 PM

In Reply to: VULNERABILITIES / FIXES - March 04, 2013 by Carol~ Moderator

Xerox Phaser 7800 Multiple Protocols Unauthorised Access Security Issues

Release Date : 2013-03-04

Criticality level : Less critical
Impact: Security Bypass
Where: From local network
Solution Status : Vendor Patch

Operating System : Xerox Phaser 7800

Description:
Some security issues have been reported in Xerox Phaser 7800, which can be exploited by malicious people to bypass certain security restrictions.

The security issues are caused due to the device improperly restricting access via certain protocols, which can be exploited to gain unauthorised access to a device.

Solution:
Apply update.

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.xerox.com/download/security/security-bulletin/11ec6-4cb930fb517c0/cert_XRX12-012_v1.01.pdf

http://secunia.com/advisories/52330/


Was this reply helpful? (0)   (0)

Staff pick

Reply
Report offensive post
Email to friend

Forum Icon Legend

  • UnreadUnread
  • ReadRead
  • Locked threadLocked thread
  •   
  •   
  •   
  •   
  •   
  •   
  •   
  • ModeratorModerator
  • CNET StaffCNET Staff
  • Samsung StaffSamsung Staff
  • Norton Authorized Support TeamNorton Authorized Support Team
  • AVG StaffAVG Staff
  • avast! Staffavast! Staff
  • Webroot Support TeamWebroot Support Team
  • Acer Customer Experience TeamAcer Customer Experience Team
  • Windows Outreach TeamWindows Outreach Team
  • DISH staffDISH staff
  • Dell StaffDell Staff
  • Intel StaffIntel Staff
  • QuestionQuestion
  • Resolved questionResolved question
  • General discussionGeneral discussion
  • TipTip
  • Alert or warningAlert or warning
  • PraisePraise
  • RantRant

You are e-mailing the following post: Post Subject

Your e-mail address is used only to let the recipient know who sent the e-mail and in case of transmission error. Neither your address nor the recipient's address will be used for any other purpose.

Sorry, there was a problem emailing this post. Please try again.

Submit Email Cancel

Thank you. Sent email to

Close

Thank you. Sent email to

Close

You are reporting the following post: Post Subject

If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

Offensive: Sexually explicit or offensive language

Spam: Advertisements or commercial links

Disruptive posting: Flaming or offending other users

Illegal activities: Promote cracked software, or other illegal content

Sorry, there was a problem submitting your post. Please try again.

Submit Report Cancel

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

Your message has been submitted and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.

Close

You are posting a reply to: Post Subject

The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to the CNET Forums policies for details. All submitted content is subject to CBS Interactive Site Terms of Use.

You are currently tracking this discussion. Click here to manage your tracked discussions.

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

Sorry, there was a problem submitting your post. Please try again.

Sorry, there was a problem generating the preview. Please try again.

Duplicate posts are not allowed in the forums. Please edit your post and submit again.

Submit Reply Preview Cancel

Thank you, , your post has been submitted.

> Click here to view your post. > Manage your tracked discussions. > Track this discussion. Close

Thank you, , your post has been submitted and will appear on our site shortly.

Close