Debian update for tdiary
Posted by Stefan under Bugs / Error Reports on Thursday, 11 March 2010
SECUNIA ADVISORY ID: SA38868
VERIFY ADVISORY: http://secunia.com/advisories/38868/
DESCRIPTION: Debian has issued an update for tdiary. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
For more information: SA38742
SOLUTION: Apply updated packages.
– Debian GNU/Linux 5.0 alias lenny –
Source archives:
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.2.1-1+lenny1.dsc
Size/MD5 checksum: 1083 3256337487cc7177ac6a20a5815c2e5e
http://security.debian.org/pool/updates/main/t/tdiary/tdiary_2.2.1-1+lenny1.diff.gz
Size/MD5 checksum: 28848 47109a3e807f5595fb580a3eed3ce2a6
[...]
NUs Newssystem “id” SQL Injection Vulnerability
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA38890
VERIFY ADVISORY: http://secunia.com/advisories/38890/
DESCRIPTION: A vulnerability has been discovered in NUs Newssystem, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the “id” parameter in NUs.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate [...]
Fedora update for samba
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA38876
VERIFY ADVISORY: http://secunia.com/advisories/38876/
DESCRIPTION: Fedora has issued an update for samba. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.
For more information: SA38804
SOLUTION: Apply updated packages via the yum utility (“yum update samba”).
ORIGINAL ADVISORY: FEDORA-2010-4050: https://admin.fedoraproject.org/updates/samba-3.4.7-0.50.fc11
OTHER REFERENCES: SA38804: http://secunia.com/advisories/38804/
———————————————————————-
About: This Advisory was [...]
Kandidat CMS “contentcenter” Cross-Site Scripting Vulnerability
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA38912
VERIFY ADVISORY: http://secunia.com/advisories/38912/
DESCRIPTION: A vulnerability has been discovered in Kandidat CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the “contentcenter” parameter in media/upload.php is not properly sanitised before being returned to the user. This can be exploited to execute [...]
Jevci Siparis Formu Database Disclosure Security Issue
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA38893
VERIFY ADVISORY: http://secunia.com/advisories/38893/
DESCRIPTION: A security issue has been reported in Jevci Siparis Formu, which can be exploited by malicious people to disclose sensitive information.
The security issue is caused due to the “siparis.mdb” database file being stored with insecure permissions inside the web root. This can [...]
MH Products Kleinanzeigenmarkt “c” SQL Injection Vulnerability
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA38897
VERIFY ADVISORY: http://secunia.com/advisories/38897/
DESCRIPTION: A vulnerability has been reported in MH Products Kleinanzeigenmarkt, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the “c” parameter to search.php is not properly sanitised before being used in a SQL query. This can [...]
Employee Timeclock Software Multiple Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA38739
VERIFY ADVISORY: http://secunia.com/advisories/38739/
DESCRIPTION: Secunia Research has discovered some vulnerabilities in Employee Timeclock Software, which can be exploited by malicious, local users to disclose sensitive information and by malicious people to disclose sensitive information and conduct SQL injection attacks.
1) The database backup functionality stores the database backup with [...]
Apache HTTP Server “mod_isapi” Module Unloading Vulnerability
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA38852
VERIFY ADVISORY: http://secunia.com/advisories/38852/
DESCRIPTION: A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to potentially compromise a vulnerable system.
For more information see vulnerability #2 in: SA38776
SOLUTION: Fixed in the SVN repository. http://svn.apache.org/viewvc?view=revision&revision=920961
ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_20.html
OTHER REFERENCES: SA38776: http://secunia.com/advisories/38776/
XnView DICOM Parsing Integer Overflow Vulnerability
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
SECUNIA ADVISORY ID: SA37673
VERIFY ADVISORY: http://secunia.com/advisories/37673/
DESCRIPTION: Secunia Research has discovered a vulnerability in XnView, which potentially can be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a [...]
Execution of arbitrary program code with user privileges possible
Posted by Stefan under Bugs / Error Reports on Wednesday, 10 March 2010
CERT-Bund Advisory
SUMMARY CB-K10/0095
Title: Microsoft Internet Explorer: Execution of arbitrary program code with user privileges possible
Date: 10.03.2010
Software: Microsoft Internet [...]
