Saturday, December 4, 2010

Cisco IPSec VPN Implementation Group Name Enumeration: Patch Notification

Users of Cisco IPSec VPN implementations (Cisco VPN Concentrator, PIX and Adaptive Security Appliance) please be advised of a group name enumeration vulnerability and associated patch notification that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

NGS00014: Patch Notification: Cisco IPSec VPN Implementation Group Name Enumeration

Gavin Jones of NGS Secure has discovered a vulnerability in Cisco VPN Concentrator, Cisco PIX and Cisco Adaptive Security Appliance.
Read more at www.criticalwatch.com

Cisco IPSec VPN Implementation Group Name Enumeration: Patch Notification http://bit.ly/fbz1Bx
Winamp: NSV Table of Contents Parsing Integer Overflow Vulnerability http://bit.ly/edeLcx

Winamp: NSV Table of Contents Parsing Integer Overflow Vulnerability

Users of Winamp please be advised of an NSV Table of Contents parsing integer overflow vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
Winamp-SA-12/01/2010: Winamp NSV Table of Contents Parsing Integer Overflow

Affected Software

* Winamp 5.581
* Winamp 5.59 Beta Build 3033

NOTE: Other versions may also be affected.

Description of Vulnerability

Secunia Research has discovered a vulnerability in Winamp, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused by an integer overflow error in the "in_nsv.dll" plugin when parsing the Table of Contents. This can be exploited to cause a heap-based buffer overflow via a specially crafted NSV stream or file.

Successful exploitation allows execution of arbitrary code.

Read more at www.criticalwatch.com

Bind: Denial of Service Vulnerabilities http://bit.ly/hruLHb

Bind: Denial of Service Vulnerabilities

Users of Bind please be advised of denial of service vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
USN-1025-1: Bind vulnerabilities

Details follow:

It was discovered that Bind would incorrectly allow an ncache entry and an rrsig for the same type. A remote attacker could exploit this to cause Bind to crash, resulting in a denial of service. (CVE-2010-3613)

It was discovered that Bind would incorrectly mark zone data as insecure when the zone is undergoing a key algorithm rollover. (CVE-2010-3614)

Read more at www.criticalwatch.com

Apache Archiva: CSRF Vulnerability http://bit.ly/gcg0s3

Apache Archiva: CSRF Vulnerability

Users of Apache Archiva please be advised of a CSRF vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
CVE-2010-3449: Apache Archiva CSRF Vulnerability
Description:
Apache Archiva doesn't check which form sends credentials. An attacker
can create a specially crafted page and force archiva administrators
to view it and change their credentials. To fix this, a referrer check
was added to the security interceptor for all secured actions. A
prompt for the administrator's password when changing a user account
was also set in place.
Read more at www.criticalwatch.com

BugTracker.Net: Multiple Vulnerabilities http://bit.ly/gNT2lW

BugTracker.Net: Multiple Vulnerabilities

Users of BugTracker.Net please be advised of multiple vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
CORE-2010-1109: Multiple vulnerabilities in BugTracker.Net
*Vulnerability Description*

BugTracker.NET [1][2] is an open-source web-based bug tracker written
using ASP.NET, C#, and Microsoft SQL Server. Several cross-site
scripting and SQL-injection vulnerabilities were found in the following
files of the BugTracker.NET:

. *bugs.aspx*. SQL injection in line 141.
. *delete_query.aspx*. No sanitization for 'row_id.Value' in line 30.
. *edit_bug.aspx*. Variables without sanitization in lines 1846 and 1857.
. *edit_bug.aspx*. No sanitization for variable 'new_project', line 2214.
. *edit_bug.aspx*. XSS in line 2918.
. *edit_comment.aspx*. XSS in line 233.
. *edit_customfield.aspx*. Lines 165 and 172, no sanitization.
. *edit_user_permissions2.aspx*. XSS in line 40.
. *massedit.aspx*. SQL Injection in line 162.
Read more at www.criticalwatch.com

BugTracker.Net: Several Cross-Site Scripting and SQL-Injection Vulnerabilities

Users of BugTracker.Net please be advised of several cross-site scripting and SQL-injection vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)


Friday, December 3, 2010

Pandora FMS: Authentication Bypass and Multiple Input Validation Vulnerabilities http://bit.ly/dYg6Y0

Pandora FMS: Authentication Bypass and Multiple Input Validation Vulnerabilities

Users of Pandora FMS please be advised of authentication bypass and multiple input validation vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
Pandora-SA-11/30/2010: Pandora FMS Authentication Bypass and Multiple Input Validation Vulnerabilities

CVE IDs in this security advisory:

1) Authentication bypass - CVE-2010-4279
2) OS Command Injection - CVE-2010-4278
3) SQL Injection - CVE-2010-4280
4) Blind SQL Injection - CVE-2010-4280
5) Path Traversal - CVE-2010-4281 - CVE-2010-4282 - CVE-2010-4283
Read more at www.criticalwatch.com

Phpmyadmin: Cross-Site-Scripting (XSS) Vulnerability http://bit.ly/hvlc89

Phpmyadmin: Cross-Site-Scripting (XSS) Vulnerability

Users of phpmyadmin please be advised of a Cross-site-scripting (XSS) vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MDVSA-2010:244: phpmyadmin Cross-site-scripting Issue

Package : phpmyadmin
Problem Description:

A vulnerability has been found and corrected in phpmyadmin:

It was possible to conduct an XSS attack using a spoofed request on the db search script (CVE-2010-4329).

This upgrade provides the latest phpmyadmin versions which are not vulnerable to this security issue.
Read more at www.criticalwatch.com

MIT Kerberos (krb5): Multiple Checksum Handling Vulnerabilities

Users of MIT Kerberos (krb5) please be advised of multiple checksum handling vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MITKRB5-SA-2010-007: Multiple checksum handling vulnerabilities
SUMMARY
=======

These vulnerabilities are in the MIT implementation of Kerberos
(krb5), but because these vulnerabilities arise from flaws in protocol
handling logic, other implementations may also be vulnerable.

CVE-2010-1324

MIT krb5 (releases krb5-1.7 and newer) incorrectly accepts an unkeyed checksum with DES session keys for version 2 (RFC 4121) of the GSS-API krb5 mechanism.

MIT krb5 (releases krb5-1.7 and newer) incorrectly accepts an unkeyed
checksum for PAC signatures. Running exclusively krb5-1.8 or newer
KDCs blocks the attack.

MIT krb5 KDC (releases krb5-1.7 and newer) incorrectly accepts RFC
3961 key-derivation checksums using RC4 keys when verifying the
req-checksum in a KrbFastArmoredReq.
Read more at www.criticalwatch.com

MIT Kerberos (krb5): Multiple Checksum Handling Vulnerabilities http://bit.ly/gC9Vkx
Red Hat Enterprise MRG Messaging and Grid: Important Security Update http://bit.ly/eDgl8k

Red Hat Enterprise MRG Messaging and Grid: Important Security Update

Users of Red Hat Enterprise MRG Messaging and Grid please be advised of an Important security update that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

RHSA-2010:0921-01: Important: Red Hat Enterprise MRG Messaging and Grid security update

Product: Red Hat Enterprise MRG for RHEL-5
Synopsis: Important: Red Hat Enterprise MRG Messaging and Grid security update
Summary:

Updated Red Hat Enterprise MRG Messaging and Grid packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

Read more at www.criticalwatch.com

Red Hat Enterprise MRG Messaging and Grid: Important Security Update http://bit.ly/hPT4Si

Red Hat Enterprise MRG Messaging and Grid: Important Security Update

Users of Red Hat Enterprise MRG Messaging and Grid please be advised of an Important security update that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

RHSA-2010:0922-01: Important: Red Hat Enterprise MRG Messaging and Grid security update

Product: Red Hat Enterprise MRG for RHEL-4
Description:

Red Hat Enterprise MRG (Messaging, Realtime and Grid) is a real-time IT infrastructure for enterprise computing. MRG Messaging implements the Advanced Message Queuing Protocol (AMQP) standard, adding persistence options, kernel optimizations, and operating system services.

The Management Console Installation Guide for Red Hat Enterprise MRG 1.3 instructed administrators to configure Condor to allow the MRG Management Console (cumin) to submit jobs on behalf of a user. This configuration facilitated a trust relationship between cumin and the Condor QMF plug-ins; however, there was inadequate access control on the trusted channel, allowing anyone able to publish to a broker to submit jobs to run as any other user (except root, as Condor does not run jobs as root). (CVE-2010-4179)
Read more at www.criticalwatch.com

Red Hat Enterprise MRG Messaging and Grid http://bit.ly/how15u

Red Hat Enterprise MRG Messaging and Grid


Dynamic Host Configuration Protocol (DHCP): Moderate Security Update

Users of Dynamic Host Configuration Protocol (DHCP) please be advised of a Moderate Security Update that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0923-01: Moderate: dhcp security update

Product: Red Hat Enterprise Linux
Synopsis: Moderate: dhcp security update
Description:

The Dynamic Host Configuration Protocol (DHCP) is a protocol that allows individual devices on an IP network to get their own network configuration information, including an IP address, a subnet mask, and a broadcast address. DHCPv6 is the DHCP protocol version for IPv6 networks.

A NULL pointer dereference flaw was discovered in the way the dhcpd daemon parsed DHCPv6 packets. A remote attacker could use this flaw to crash dhcpd via a specially-crafted DHCPv6 packet, if dhcpd was running as a DHCPv6 server. (CVE-2010-3611)

Users running dhcpd as a DHCPv6 server should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all DHCP servers will be restarted automatically.

Read more at www.criticalwatch.com

Dynamic Host Configuration Protocol (DHCP): Moderate Security Update http://bit.ly/fT0tcU
Wireshark: Moderate Security Update http://bit.ly/dN0FTd

Wireshark: Moderate Security Update

Users of Wireshark please be advised of a Moderate security update that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0924-01: Moderate: wireshark security update

Product: Red Hat Enterprise Linux
Description:

Wireshark is a program for monitoring network traffic. Wireshark was previously known as Ethereal.

A heap-based buffer overflow flaw was found in the Wireshark Local Download Sharing Service (LDSS) dissector. If Wireshark read a malformed packet off a network or opened a malicious dump file, it could crash or, possibly, execute arbitrary code as the user running Wireshark. (CVE-2010-4300)

A denial of service flaw was found in Wireshark. Wireshark could crash or stop responding if it read a malformed packet off a network, or opened a malicious dump file. (CVE-2010-3445)

Users of Wireshark should upgrade to these updated packages, which contain Wireshark version 1.2.13, and resolve these issues. All running instances of Wireshark must be restarted for the update to take effect.
Read more at www.criticalwatch.com

Wireshark: Moderate security update http://bit.ly/dN0FTd

Wireshark: Moderate security update


krb5: Important Security and Bug Fix Update

Users of krb5 please be advised of an Important security and bug fix update that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0925-01: Important: krb5 security and bug fix update

Product: Red Hat Enterprise Linux
Synopsis: Important: krb5 security and bug fix update
Summary:

Updated krb5 packages that fix multiple security issues and one bug are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Read more at www.criticalwatch.com

krb5: Important Security and Bug Fix Update http://bit.ly/hbHawi

Kerberos: Moderate Security Update

Users of Kerberos please be advised of a Moderate security update that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0926-01: Moderate: krb5 security update

Product: Red Hat Enterprise Linux
Synopsis: Moderate: krb5 security update
Description:

Kerberos is a network authentication system which allows clients and servers to authenticate to each other using symmetric encryption and a trusted third party, the Key Distribution Center (KDC).

Multiple checksum validation flaws were discovered in the MIT Kerberos implementation. A remote attacker could use these flaws to tamper with certain Kerberos protocol packets and, possibly, bypass authentication mechanisms in certain configurations using Single-use Authentication Mechanisms. (CVE-2010-1323)

All krb5 users should upgrade to these updated packages, which contain a backported patch to correct these issues. After installing the updated packages, the krb5kdc daemon will be restarted automatically.

Read more at www.criticalwatch.com

Kerberos: Moderate Security Update http://bit.ly/h78MZx
CUPS: New Packages Fix Denial of Service, Arbitrary Code Execution Vulnerabilities http://bit.ly/eQMVfZ

CUPS: New Packages Fix Denial of Service, Arbitrary Code Execution Vulnerabilities

Users of CUPS please be advised that new packages fix denial of service and arbitrary code execution vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
SSA:2010-333-01: cups denial-of-service patch

New cups packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Here are the details from the Slackware 13.1 ChangeLog:

+--------------------------+
patches/packages/cups-1.4.5-i486-1_slack13.1.txz: Upgraded.
  Fixed memory corruption bugs that could lead to a denial of service or possibly execution of arbitrary code through a crafted IPP request.
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2941
Read more at www.criticalwatch.com

Linux Kernel: Multiple Vulnerabilities http://bit.ly/i8TWQj

Linux Kernel: Multiple Vulnerabilities

Users of the Linux kernel please be advised of multiple vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
USN-1023-1: Linux kernel - Multiple Issues

Details follow:

Nelson Elhage discovered several problems with the Acorn Econet protocol driver. A local user could cause a denial of service via a NULL pointer dereference, escalate privileges by overflowing the kernel stack, and assign Econet addresses to arbitrary interfaces.

Read more at www.criticalwatch.com

OpenJDK: System Property Information Leaking Vulnerability http://bit.ly/fVl0Ae

OpenJDK: System Property Information Leaking Vulnerability

Users of OpenJDK please be advised of a system property information leaking vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
USN-1024-1: OpenJDK vulnerability

Details follow:

It was discovered that certain system property information was being leaked, which could allow an attacker to obtain sensitive information.

Read more at www.criticalwatch.com

4images 1.7.X: SQL Injection and Path Disclosure Vulnerabilities http://bit.ly/h2ZpId

4images 1.7.X: SQL Injection and Path Disclosure Vulnerabilities

Users of 4images 1.7.X please be advised of SQL injection and path disclosure vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
EV0200: SQL injection and Path Disclosure Auth Bypass in 4images 1.7.X

Software: "Powered by 4images"
Type: SQL injection and Path Disclosure

--------Description--------
The bug exists in the categories.php script.

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/xxx/html/hootersflorida/includes/db_mysql.php on line 116
Read more at www.criticalwatch.com

OpenSSL: Multiple Vulnerabilities http://bit.ly/fnlv2N

OpenSSL: Multiple Vulnerabilities

Users of OpenSSL please be advised of multiple vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
FreeBSD-SA-10:10.openssl: OpenSSL multiple vulnerabilities

I. Problem Description

A race condition exists in the OpenSSL TLS server extension code parsing when used in a multi-threaded application, which uses OpenSSL's internal caching mechanism. The race condition can lead to a buffer overflow. [CVE-2010-3864]

A double free exists in the SSL client ECDH handling code, when processing specially crafted public keys with invalid prime numbers. [CVE-2010-2939]

II. Impact

For affected server applications, an attacker may be able to utilize the buffer overflow to crash the application or potentially run arbitrary code with the privileges of the application. [CVE-2010-3864]

It may be possible to cause a DoS or potentially execute arbitrary code in the context of the user connection to a malicious SSL server. [CVE-2010-2939]
Read more at www.criticalwatch.com

libxml2: Denial of Service Vulnerability http://bit.ly/fyPHIZ

libxml2: Denial of Service Vulnerability

Users of libxml2 please be advised of a Denial of service vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MDVSA-2010:243: libxml2 Denial-of-service

Problem Description:

A vulnerability was discovered and corrected in libxml2:

libxml2 before 2.7.8 reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document (CVE-2010-4008).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.
Read more at www.criticalwatch.com

Thursday, December 2, 2010

'Orbis CMS': Arbitrary Script Execution Vulnerability http://bit.ly/gEARXY

'Orbis CMS': Arbitrary Script Execution Vulnerability

Users of 'Orbis CMS' please be advised of an Arbitrary Script Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
Orbis-SA-11/29/2010: 'Orbis CMS' Arbitrary Script Execution Vulnerability (CVE-2010-4313)

DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Orbis CMS' fileman_file_upload.php script that allows any authenticated user to upload a PHP script and then run it without restriction.
Read more at www.criticalwatch.com

Hewlett Packard LaserJet MFP devices: PJL interface Directory Traversal Vulnerability

Users of Hewlett Packard LaserJet MFP devices please be advised of a Directory Traversal vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

n.runs-SA-2010.003: Hewlett Packard LaserJet MFP devices - Directory Traversal in PJL interface

Affected Products: Various HP LaserJet MFP devices
Description:

A directory traversal vulnerability has been found in the PJL file system access interface of various HP LaserJet MFP devices. File system access through PJL is usually restricted to a specific part of the file system. Using a pathname such as 0:...... it is possible to get access to the complete file system of the device.
Read more at www.criticalwatch.com

Hewlett Packard LaserJet MFP devices: PJL interface Directory Traversal Vulnerability http://bit.ly/hFwJBK

Concurrent Version System (CVS): Moderate Update Fix Security Vulnerability

Users of Concurrent Version System (CVS) please be advised of a moderate security update that fixes a vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0918-01: Moderate: cvs security update

Product: Red Hat Enterprise Linux
Synopsis: Moderate: cvs security update
Summary:

An updated cvs package that fixes one security issue is now available for Red Hat Enterprise Linux 6.

Description:

Concurrent Version System (CVS) is a version control system that can record the history of your files.

An array index error, leading to a heap-based buffer overflow, was found in the way CVS applied certain delta fragment changes from input files in the RCS (Revision Control System file) format. If an attacker in control of a CVS repository stored a specially-crafted RCS file in that repository, and then tricked a remote victim into checking out (updating their CVS repository tree) a revision containing that file, it could lead to arbitrary code execution with the privileges of the CVS server process on the system hosting the CVS repository. (CVE-2010-3846)
Read more at www.criticalwatch.com

Php: Moderate Security Update http://bit.ly/hB3Kvn

Php: Moderate Security Update

Users of Php please be advised of a Moderate security update that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
RHSA-2010:0919-01: Moderate: php security update

Product: Red Hat Enterprise Linux
Synopsis: Moderate: php security update
Description:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

An input validation flaw was discovered in the PHP session serializer. If a PHP script generated session variable names from untrusted user input, a remote attacker could use this flaw to inject an arbitrary variable into the PHP session. (CVE-2010-3065)

An information leak flaw was discovered in the PHP var_export() function implementation. If some fatal error occurred during the execution of this function (such as the exhaustion of memory or script execution time limit), part of the function's output was sent to the user as script output, possibly leading to the disclosure of sensitive information. (CVE-2010-2531)
Read more at www.criticalwatch.com

Service Console kernel: Update Fix Stack Pointer Underflow Vulnerability http://bit.ly/i2VgMj

Service Console kernel: Update Fix Stack Pointer Underflow Vulnerability

Users of the Service Console kernel please be advised of an update fixing a stack pointer underflow vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
VMSA-2010-0017: VMware ESX third party update for Service Console kernel
Problem Description

a. Service Console OS update for COS kernel package.

This patch updates the Service Console kernel to fix a stack
pointer underflow issue in the 32-bit compatibility layer.

Exploitation of this issue could allow a local user to gain
additional privileges.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2010-3081 to this issue.
Read more at www.criticalwatch.com

New Wireshark Packages: Fix Denial of Service Vulnerability http://bit.ly/gVPoXh

New Wireshark Packages: Fix Denial of Service Vulnerability

Users of Wireshark please be advised of a denial of service vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
DSA-2127-1: New wireshark packages fix denial of service

Package : wireshark
Vulnerability : denial of service

A flaw has been found in wireshark, a network protocol analyzer.

It was found that the ASN.1 BER dissector was susceptible to a stack overflow, causing the application to crash.

For the stable distribution (lenny), the problem has been fixed in version 1.0.2-3+lenny11.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 1.2.11-3.

Read more at www.criticalwatch.com

Wireshark: Heap-based Buffer-overflow Vulnerability http://bit.ly/evQAZS

Wireshark: Heap-based Buffer-overflow Vulnerability

Users of Wireshark please be advised of a Heap-based buffer overflow vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
MDVSA-2010:242: [MDVSA-2010:242] wireshark Buffer-overflow
Problem Description:

This advisory updates wireshark to the latest version (1.2.13), fixing one security issue:

Heap-based buffer overflow in the dissect_ldss_transfer function (epan/dissectors/packet-ldss.c) in the LDSS dissector in Wireshark 1.2.0 through 1.2.12 and 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an LDSS packet with a long digest line that triggers memory corruption (CVE-2010-4300).
Read more at www.criticalwatch.com
 

Joomla: Insufficient Anti-automation and Abuse of Functionality Vulnerabilities

Users of Joomla please be advised of Insufficient Anti-automation and Abuse of Functionality vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
SecurityVulns ID: 11272: Vulnerabilities in Joomla
Affected products:
-------------------------

Vulnerable are all versions of Joomla with corresponding functionality
(Joomla! 1.5.22 and previous versions).
Details:
----------

Details about such vulnerabilities, about sending spam via web sites and creating spam botnets, can be read in my article Sending spam via sites and creating spam-botnets
(http://www.webappsec.org/lists/websecurity/archive/2010-07/msg00099.html).
I want to warn you about Insufficient Anti-automation and Abuse of Functionality vulnerabilities in Joomla. The vulnerabilities exist in the component com_contact, which is a core component of Joomla.
Read more at www.criticalwatch.com
 

Joomla: Insufficient Anti-automation and Abuse of Functionality Vulnerabilities http://bit.ly/hdK77q
NoScript (2.0.5.1 and earlier): Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) Vulnerability http://bit.ly/goR5JX

NoScript (2.0.5.1 and earlier): Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) Vulnerability

Users of NoScript (2.0.5.1 and earlier) please be advised of a Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI) vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
NoScript-SA-11/27/2010: NoScript (2.0.5.1 and earlier) - Bypass "Reflective XSS" through Union SQL Poisoning Trick (SQLXSSI)
NoScript fails to detect the reflective XSS from trusted domains when an
attack is conducted through SQLXSSI. The bypass in NoScript has been
successfully conducted by using "Reflective XSS" through Union SQL
poisoning attacks by exploiting the reverted errors in the browser. The
attack string used to bypass is stated below
Read more at www.criticalwatch.com
 

Wednesday, December 1, 2010

Linux 2.6.26: Fix Privilege Escalation, Denial of Service, Information Leak Vulnerabilities http://bit.ly/fJdNsu

Linux 2.6.26: Fix Privilege Escalation, Denial of Service, Information Leak Vulnerabilities

Users of Linux 2.6.26 please be advised of privilege escalation, denial of service and information leak vulnerabilities that have been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
DSA 2126-1: [DSA 2126-1] New Linux 2.6.26 packages fix several issues
Package : linux-2.6

Vulnerability : privilege escalation/denial of service/information leak
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leak. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-2963

Kees Cook discovered an issue in the v4l 32-bit compatibility layer for 64-bit systems that allows local users with /dev/video write permission to overwrite arbitrary kernel memory, potentially leading to a privilege escalation. On Debian systems, access to /dev/video devices is restricted to members of the 'video' group by default.

CVE-2010-3067

Tavis Ormandy discovered an issue in the io_submit system call. Local users can cause an integer overflow resulting in a denial of service.




Read more at www.criticalwatch.com
 

Easy Banner Free: SQL Injection Vulnerability

Users of Easy Banner Free please be advised of a SQL injection vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com
EV0147: [EV0147] SQL injection Auth Bypass in Easy Banner Free
Software: Easy Banner Free
Type: SQL injection
--------Description--------
Vulnerability exists in member.php script.
User-defined parameters username and password are not properly sanitized against SQL injections.
This can be used to bypass authentication or execute arbitrary SQL queries.
Read more at www.criticalwatch.com
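The flaw class described in the Easy Banner Free advisory, shown as an added example that is not the product's own member.php code: a login check that concatenates the username and password parameters into the query beside the parameterised form that fixes it. The table name, columns and the sample account are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for a members table; not the real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO members (username, password) VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Mirrors the defect in the advisory: unsanitised input is pasted into the
    # SQL text, so a quote in the username changes the query's structure and
    # the password clause can be commented out (authentication bypass).
    sql = "SELECT id FROM members WHERE username = '%s' AND password = '%s'" % (
        username,
        password,
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    # Parameterised query: the driver binds the values separately from the SQL
    # text, so quotes and comment markers in the input remain plain data.
    row = conn.execute(
        "SELECT id FROM members WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' --"  # closes the quoted username, comments out the rest
    print("vulnerable:", login_vulnerable(db, crafted, "wrong"))  # 1 (bypassed)
    print("fixed:     ", login_fixed(db, crafted, "wrong"))       # None
    print("fixed, real credentials:", login_fixed(db, "alice", "s3cret"))  # 1
```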