Tuesday, November 30, 2010

HP-UX UNIX: Security Bulletin Notification

Users of HP-UX UNIX please be advised of a Security Bulletin Notification that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

HPSBUX02579 SSRT100203 rev.1: Your HP-UX UNIX Security Bulletin Notification
>>> Your latest support related updates:


HPSBUX02579 SSRT100203 rev.1 - HP-UX Apache Running Tomcat Servlet Engine, Remote Information Disclosure, Unauthorized Modification, Denial of Service (DoS) (ITRC Login Required)

Content Type: HP-UX security bulletins digest

PRIORITY: Critical

OS: HP-UX,UNIX

Release Date: 11/23/2010

URL: http://alerts.hp.com/r?2.1.3KT.2ZR.%5foVLW.FHin4o..T.VQ%5fM.3vXc.bW89MQ%5f%5fDGPUFSE0


Mono: Untrusted Search Path Vulnerability

Users of Mono please be advised of an untrusted search path vulnerability that has been identified.

MDVSA-2010:240: [MDVSA-2010:240] mono Untrusted Search Path
Problem Description:

A vulnerability was discovered and corrected in mono:

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8
and earlier allows local users to gain privileges via a Trojan horse
shared library in the current working directory (CVE-2010-4159).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Gnucash: Privilege-Escalation Vulnerability

Users of gnucash please be advised of a privilege-escalation vulnerability that has been identified.

MDVSA-2010:241: [MDVSA-2010:241] gnucash privilege-escalation
Problem Description:

A vulnerability was discovered and corrected in gnucash:

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length
directory name in the LD_LIBRARY_PATH, which allows local users to
gain privileges via a Trojan horse shared library in the current
working directory (CVE-2010-3999).

The affected /usr/bin/gnc-test-env file has been removed to mitigate
the CVE-2010-3999 vulnerability as gnc-test-env is only used for
tests and while building gnucash.

Kernel: Buffer-Overflow, Race Condition, Denial-of-Service Vulnerabilities

Users of kernel please be advised of buffer-overflow, race condition, and denial-of-service vulnerabilities that have been identified.


RHSA-2010:0907-01: [RHSA-2010:0907-01] kernel buffer-overflow, race condition, denial-of-service

Product: Red Hat Enterprise Linux
Summary:

Updated kernel packages that fix one security issue and four bugs are now
available for Red Hat Enterprise Linux 5.4 Extended Update Support.
Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issue:

* Buffer overflow flaws were found in the Linux kernel's implementation of
the server-side External Data Representation (XDR) for the Network File
System (NFS) version 4. An attacker on the local network could send a
specially-crafted large compound request to the NFSv4 server, which could
possibly result in a kernel panic (denial of service) or, potentially, code
execution. (CVE-2010-2521, Important)
* A race condition existed when generating new process IDs with the result
that the wrong process could have been signaled or killed accidentally,
leading to various application faults. This update detects and disallows
the reuse of PID numbers. (BZ#638865)

Postgresql: Updated Packages Fix Privilege Escalation Vulnerability

Users of Postgresql please be advised of a privilege escalation vulnerability that has been identified and is fixed by updated packages.

RHSA-2010:0908-01: [RHSA-2010:0908-01] postgresql: Moderate Advisory
Product: Red Hat Enterprise Linux
Summary:

Updated postgresql packages that fix one security issue are now available
for Red Hat Enterprise Linux 6.
Description:
It was discovered that a user could utilize the features of the PL/Perl and
PL/Tcl languages to modify the behavior of a SECURITY DEFINER function
created by a different user. If the PL/Perl or PL/Tcl language was used to
implement a SECURITY DEFINER function, an authenticated database user could
use a PL/Perl or PL/Tcl script to modify the behavior of that function
during subsequent calls in the same session. This would result in the
modified or injected code also being executed with the privileges of the
user who created the SECURITY DEFINER function, possibly leading to
privilege escalation. (CVE-2010-3433)

Hot Links Lite: url XSS (Cross Site Scripting) Vulnerability

Users of Hot Links Lite please be advised of an XSS (Cross Site Scripting) vulnerability that has been identified.

EV0142: [eVuln.com] url XSS in Hot Links Lite
Software: Hot Links Lite
Type: Cross Site Scripting
--------Description--------
XSS vulnerability found in url parameter of process.cgi script. This can be used to insert any script code. Admin panel
is vulnerable also.

Hot Links SQL 3 (CGI version): SQL Injection Vulnerability

Users of Hot Links SQL (CGI version) please be advised of a SQL injection vulnerability that has been identified.

EV0141: report.cgi SQL inj in Hot Links SQL (CGI version)
Software: Hot Links SQL 3
Type: SQL injection
--------Description--------
SQL injection found in id parameter of report.cgi script. This can be used to make any SQL query by injecting arbitrary
SQL code.
This vulnerability found in CGI version of Hot Links SQL 3.

Sunday, November 28, 2010


vBulletin 4.0.8 PL1: XSS (Cross Site Scripting) Filter Bypass Vulnerability within Profile Customization

Users of vBulletin 4.0.8 PL1 please be advised of an XSS (Cross Site Scripting) Filter Bypass vulnerability within Profile Customization that has been identified.

vBulletin-SA-11/23/2010: vBulletin 4.0.8 PL1 - XSS Filter Bypass within Profile Customization
-:: The Advisory ::-
vBulletin is prone to a Persistent Cross Site Scripting vulnerability within the
Profile Customization feature. If this feature is not enabled the vulnerability
does not exist and the installation of vBulletin is thereby secure.

Within the profile customization fields, it is possible to enter colour codes,
rgb codes and even images. The image url() function does not sanitize user
input in a sufficient way causing vBulletin to be vulnerable to XSS attacks.

With the previous patch for vBulletin 4.0.8 PL1, most attacks were disabled
however it is possible to bypass this filter and inject data which is then executed
effectively against though not limited to Internet Explorer 6.

Apache Tomcat Manager Application: XSS (Cross-Site Scripting) Vulnerability

Users of Apache Tomcat Manager application please be advised of an XSS (cross-site scripting) vulnerability that has been identified.

Apache-SA-11/22/2010: CVE-2010-4172: Apache Tomcat Manager application XSS vulnerability
Description:
The session list screen (provided by sessionList.jsp) in affected
versions uses the orderBy and sort request parameters without applying
filtering and therefore is vulnerable to a cross-site scripting attack.
Users should be aware that Tomcat 6 does not use httpOnly for session
cookies by default so this vulnerability could expose session cookies
from the manager application to an attacker.
A review of the Manager application by the Apache Tomcat security team
identified additional XSS vulnerabilities if the web applications
deployed were not trusted.

iOS 4.2: Multiple Vulnerabilities

Users of iOS 4.2 please be advised of multiple vulnerabilities that have been identified.

APPLE-SA-2010-11-22-1: [APPLE-SA-2010-11-22-1] iOS 4.2 - Multiple Vulnerabilities
Description: A signature validation issue exists in the handling of
configuration profiles. A maliciously crafted configuration profile
may appear to have a valid signature in the configuration
installation utility. This issue is addressed through improved
validation of profile signatures.

Description: Multiple vulnerabilities exist in FreeType 2.4.1, the
most serious of which may lead to arbitrary code execution when
processing a maliciously crafted font. These issues are addressed by
updating FreeType to version 2.4.2.

Description: A heap buffer overflow exists in FreeType's handling of
TrueType opcodes. Viewing a PDF document with maliciously crafted
embedded fonts may lead to an unexpected application termination or
arbitrary code execution. This update addresses the issue through
improved bounds checking.

Apple TV 4.1: Multiple Vulnerabilities

Users of Apple TV 4.1 please be advised of multiple vulnerabilities that have been identified.

APPLE-SA-2010-11-22-2: [APPLE-SA-2010-11-22-2] Apple TV 4.1 - Multiple Issues
Available for: Apple TV 4.0
Impact: Multiple vulnerabilities in FreeType

Description: Multiple vulnerabilities exist in FreeType, the most
serious of which may lead to arbitrary code execution when processing
a maliciously crafted font. These issues are addressed by updating
FreeType to version 2.4.2. Further information is available via the
FreeType site at http://www.freetype.org/

Impact: Multiple vulnerabilities in libpng

Description: libpng is updated to version 1.4.3 to address multiple
vulnerabilities, the most serious of which may lead to arbitrary code
execution. Further information is available via the libpng website at
http://www.libpng.org/pub/png/libpng.html

Friday, November 26, 2010


OpenSSL TLS Server: Buffer Overflow Vulnerability

Users of OpenSSL TLS server please be advised of a buffer overflow vulnerability that has been identified.

DSA-2125-1: [DSA-2125-1] openssl - buffer overflow Issue
Vulnerability : buffer overflow
A flaw has been found in the OpenSSL TLS server extension code parsing
which on affected servers can be exploited in a buffer overrun attack.
This allows an attacker to cause an application crash or potentially to
execute arbitrary code.

However, not all OpenSSL based SSL/TLS servers are vulnerable: A server
is vulnerable if it is multi-threaded and uses OpenSSL's internal caching
mechanism. In particular the Apache HTTP server (which never uses OpenSSL
internal caching) and Stunnel (which includes its own workaround) are NOT
affected.

ImageIO: Memory Corruption Vulnerability

Users of ImageIO please be advised of a Memory Corruption vulnerability that has been identified.

NGS00015: Patch Notification: ImageIO Memory Corruption
Dominic Chell of NGS Secure has discovered a high risk memory corruption vulnerability affecting the ImageIO rendering
framework. Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code
execution. This issue can be remotely (client-side) exploited through any application using the framework including
Mail, Safari and QuickLook.

OpenSSL: New Packages Fix Multiple Security Vulnerabilities

Users of openssl please be advised of multiple security vulnerabilities that have been identified and are fixed by new packages.

SSA:2010-326-01: [SSA:2010-326-01] openssl - Multiple Issues
New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0,
13.1, and -current to fix security issues.

'Free Simple Software': SQL Injection Vulnerability

Users of 'Free Simple Software' please be advised of a SQL Injection vulnerability that has been identified.

Free Simple Software-SA-11/21/2010: 'Free Simple Software' SQL Injection Vulnerability (CVE-2010-4298)
DESCRIPTION
---------------------------------------
A vulnerability exists in the 'Free Simple Software' download module which allows for a 'UNION SELECT' to easily expose
the application administrator's plaintext password.

Xpdf: New Packages Fix Multiple Security Vulnerabilities

Users of xpdf please be advised of multiple security vulnerabilities that have been identified and are fixed by new packages.

SSA:2010-324-01: [SSA:2010-324-01] xpdf - Multiple Issues
New xpdf packages are available for Slackware 9.1, 10.0, 10.1, 10.2, 11.0,
12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix security issues.

Poppler: New Packages Fix Security Vulnerabilities

Users of poppler please be advised of security vulnerabilities that have been identified and are fixed by new packages.

SSA:2010-324-02: [SSA:2010-324-02] poppler - Multiple Issues
New poppler packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1,
and -current to fix security issues.

CompactCMS: XSS (Cross Site Scripting) Vulnerability

Users of CompactCMS please be advised of an XSS (Cross Site Scripting) vulnerability that has been identified.

HTB22696: XSS in CompactCMS
Product: CompactCMS
Vulnerability Type: XSS (Cross Site Scripting)
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.

The vulnerability exists due to failure in the "/lib/includes/auth.inc.php" script to properly sanitize user-supplied
input in "userName" variable. Successful exploitation of this vulnerability could result in a compromise of the
application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.

ImageIO: PSD Memory Corruption Vulnerability

Users of ImageIO please be advised of a PSD Memory Corruption vulnerability that has been identified.

ImageIO-SA-11/19/2010: ImageIO - PSD Memory Corruption Issue
Dominic Chell of NGS Secure has discovered a high risk memory corruption vulnerability affecting the ImageIO rendering
framework.
Viewing a maliciously crafted PSD image may lead to an unexpected application termination or arbitrary code execution.
This issue can be remotely (client-side) exploited through any application using the framework including Mail, Safari
and QuickLook.

Php: GC Corruption Vulnerability

Users of php please be advised of a GC Corruption vulnerability that has been identified.

MDVSA-2010:239: [MDVSA-2010:239] php - GC Corruption Issue
Problem Description:

A possible double free flaw was found in the imap extension for php
(CVE-2010-4150).

A GC corrupting flaw was found in Zend/zend_gc.c for php-5.3.x that
under certain circumstances could cause a segmentation fault (crash).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct these issues.

CMS SiteLogic: Multiple Vulnerabilities

Users of CMS SiteLogic please be advised of multiple vulnerabilities that have been identified.

CMS SiteLogic-SA-11/19/2010: CMS SiteLogic - Multiple Issues
Affected products:
-------------------------

Vulnerable are all versions of CMS SiteLogic with corresponding
functionality.
I want to warn you about Insufficient Anti-automation and Denial of Service
vulnerabilities in CMS SiteLogic (in addition to those multiple
vulnerabilities in CMS SiteLogic which I disclosed in 2009-2010). It's
Ukrainian commercial CMS.

Wednesday, November 24, 2010

CMS SiteLogic: Multiple Vulnerabilities

Users of CMS SiteLogic please be advised of multiple vulnerabilities that have been identified.

11258: New vulnerabilities in CMS SiteLogic
Affected products:
-------------------------

Vulnerable are all versions of CMS SiteLogic with corresponding
functionality.

I want to warn you about Insufficient Anti-automation and Denial of Service
vulnerabilities in CMS SiteLogic (in addition to those multiple
vulnerabilities in CMS SiteLogic which I disclosed in 2009-2010). It's
Ukrainian commercial CMS.

Apple Safari: Use-after-free Arbitrary Code Execution Vulnerability

Users of Apple Safari please be advised of an Arbitrary Code Execution vulnerability that has been identified.

VUPEN-SR-2010-246: [VUPEN-SR-2010-246] Apple Safari - Use-after-free Vulnerability
DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free in WebKit when handling
selections, which could be exploited by remote attackers to execute
arbitrary code by tricking a user into visiting a specially crafted web
page.

Apple Safari: Use-after-free Arbitrary Code Execution Vulnerability

Users of Apple Safari please be advised of an arbitrary code execution vulnerability that has been identified.

VUPEN-SR-2010-245: [VUPEN-SR-2010-245] Apple Safari - Use-after-free Issue
DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Apple Safari.

The vulnerability is caused by a use-after-free in WebKit when handling
scrollbars, which could be exploited by remote attackers to execute
arbitrary code by tricking a user into visiting a specially crafted web
page.

Safari 4.1.3 and Safari 5.0.3: Arbitrary Code Execution Vulnerability

Users of Safari 5.0.3 and Safari 4.1.3 please be advised of an arbitrary code execution vulnerability that has been identified.

APPLE-SA-2010-11-18-1: [APPLE-SA-2010-11-18-1] Safari 5.0.3 and Safari 4.1.3
Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution

Description: An integer overflow exists in WebKit's handling of
strings. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved bounds checking. Credit to J23
for reporting this issue.

Impact: Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution

Description: A use after free issue exists in WebKit's handling of
scrollbars. Visiting a maliciously crafted website may lead to an
unexpected application termination or arbitrary code execution. This
issue is addressed through improved memory management. Credit to
thabermann for reporting this issue.


IceBB: SQL injection Vulnerability

Users of IceBB please be advised of a SQL injection vulnerability that has been identified.

HTB22688: SQL injection in IceBB
Product: IceBB
Vulnerability Type: SQL Injection

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in "gmt"
variable.
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the
application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

CompactCMS: SQL injection Vulnerability

Users of CompactCMS please be advised of a SQL injection vulnerability that has been identified.

HTB22697: SQL injection in CompactCMS
Product: CompactCMS
Vulnerability Type: SQL Injection
Vulnerability Details:
The vulnerability exists due to failure in the "News" module to properly sanitize user-supplied input in "id" variable.
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the
application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

CLANSPHERE: Path Disclosure Vulnerability

Users of CLANSPHERE please be advised of a Path disclosure vulnerability that has been identified.

HTB22692: Path disclosure in CLANSPHERE
Product: CLANSPHERE
Vulnerability Type: Path disclosure
Vulnerability Details:
A remote user can determine the full path to the web root directory and other potentially sensitive information.

CLANSPHERE: SQL Injection Vulnerability

Users of CLANSPHERE please be advised of a SQL Injection vulnerability that has been identified.

HTB22694: SQL Injection in CLANSPHERE
Product: CLANSPHERE
Vulnerability Type: SQL Injection
Vulnerability Details:
The vulnerability exists due to failure in the "replays" module to properly sanitize user-supplied input in "where"
variable.
Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the
application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database.

CLANSPHERE: XSS (Cross Site Scripting) Vulnerability

Users of CLANSPHERE please be advised of an XSS (Cross Site Scripting) vulnerability that has been identified.

HTB22693: XSS in CLANSPHERE
Product: CLANSPHERE
Vulnerability Type: XSS (Cross Site Scripting)
Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.

The vulnerability exists due to failure in the "/mods/gallery/print_now.php" script to properly sanitize user-supplied
input in "pic" and "size" variables. Successful exploitation of this vulnerability could result in a compromise of the
application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.

CLANSPHERE: BBcode XSS

Users of CLANSPHERE please be advised of a BBcode XSS vulnerability that has been identified.

HTB22691: BBcode XSS in CLANSPHERE
Product: CLANSPHERE
Vulnerability Type: BBcode XSS

Vulnerability Details:
User can execute arbitrary JavaScript code within the vulnerable application.
BBcode isn't properly sanitized. This can be used to post arbitrary script code.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based
authentication credentials, disclosure or modification of sensitive data.

Sunday, November 21, 2010


IceBB: Path disclosure Vulnerability

Users of IceBB please be advised of a Path disclosure vulnerability that has been identified.

HTB22689: Path disclosure in IceBB
Product: IceBB
Vulnerability Type: Path disclosure
Vulnerability Details:
The vulnerability exists in the "/modules/make_image.php" script.
A remote user can determine the full path to the web root directory and other potentially sensitive information.

IceBB: Information Disclosure Vulnerability

Users of IceBB please be advised of an Information disclosure vulnerability that has been identified.

HTB22686: Information disclosure in IceBB
Product: IceBB
Vulnerability Type: Information Disclosure
Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" script to properly sanitize user-supplied input in
"icebb_login_key" variable from cookie, it's possible to generate an sql query error that will reveal the database
tables prefix.

IceBB: Information Disclosure Vulnerability

Users of IceBB please be advised of an Information disclosure vulnerability that has been identified.

HTB22687: Information disclosure in IceBB
Product: IceBB
Vulnerability Type: Information Disclosure

Vulnerability Details:
The vulnerability exists due to failure in the "/index.php" and "/admin/index.php" scripts to properly sanitize
user-supplied input in "s" variable, it's possible to generate an sql query error that will reveal the database tables
prefix.

chCounter <= 3.1.3: Multiple vulnerabilities

Users of chCounter <= 3.1.3 please be advised of multiple vulnerabilities that have been identified.

chCounte-SA-11/19/2010: Multiple vulnerabilities in chCounter <= 3.1.3
Multiple vulnerabilities were found in web application chCounter <= 3.1.3.

=SQLInjection=
Location: administration/index.php?cat=downloads&edit=
Affected parameters: anzahl
Description: When accessing administration/index.php?cat=downloads&edit=VALID_ID
and using a valid download id, an attacker is able to manipulate the "anzahl"
parameter to perform queries which only involve returning an integer. The query
output will be sent back to the client in the "anzahl" text input.

=XSS=
Location: administration/index.php?cat=downloads&edit=
Affected parameters: anzahl and wert
Description: When accessing administration/index.php?cat=downloads&edit=VALID_ID
and using a valid download id, an attacker is able to insert html tags in the "wert"
parameter. Once the attacker has done that, manipulating "anzahl" parameter so that
the result sql query is malformed will result in the injected code being parsed by the
web browser.

OpenSSL: denial of service, arbitrary code execution Vulnerability

Users of OpenSSL please be advised of a denial of service, arbitrary code execution vulnerability that has been identified.

USN-1018-1: [USN-1018-1] OpenSSL vulnerability
Details follow:

Rob Hulswit discovered a race condition in the OpenSSL TLS server
extension parsing code when used within a threaded server. A remote
attacker could trigger this flaw to cause a denial of service
or possibly execute arbitrary code with application privileges.
(CVE-2010-3864)