ATutor Multiple Script Insertion Vulnerabilities

SECUNIA ADVISORY ID: SA38906
VERIFY ADVISORY: http://secunia.com/advisories/38906/
DESCRIPTION: Multiple vulnerabilities have been discovered in ATutor, which can be exploited by malicious users to conduct script insertion attacks.
Input passed via “Question” and “Choice” form fields in tools/polls/add.php when creating a poll, via “Type” and “Title” form fields in tools/groups/create_manual.php when creating a group, [...]


Debian update for linux-2.6

SECUNIA ADVISORY ID: SA38905
VERIFY ADVISORY: http://secunia.com/advisories/38905/
DESCRIPTION: Debian has issued an update for linux-2.6. This fixes a vulnerability and a security issue, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially gain escalated privileges.
For more information: SA37113 SA38502
SOLUTION: Apply updated [...]


Fedora update for cups

SECUNIA ADVISORY ID: SA38927
VERIFY ADVISORY: http://secunia.com/advisories/38927/
DESCRIPTION: Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
For more information: SA37364
SOLUTION: Apply updated packages via the yum utility (“yum update cups”).
ORIGINAL ADVISORY: FEDORA-2010-3761: https://admin.fedoraproject.org/updates/cups-1.4.2-28.fc12
OTHER REFERENCES: SA37364: http://secunia.com/advisories/37364/

Apple Safari Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38932
VERIFY ADVISORY: http://secunia.com/advisories/38932/
DESCRIPTION: Some vulnerabilities have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or compromise a user’s system.
1) A boundary error in ImageIO can be exploited to cause a buffer underflow and potentially execute arbitrary [...]


Eros Webkatalog “id” SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA38900
VERIFY ADVISORY: http://secunia.com/advisories/38900/
DESCRIPTION: Easy Laster has reported a vulnerability in Eros Webkatalog, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the “id” parameter in start.php (when “go” is set to “rubrik”) is not properly sanitised before being used in SQL [...]


Unbound Memory Alignment Denial of Service

SECUNIA ADVISORY ID: SA38888
VERIFY ADVISORY: http://secunia.com/advisories/38888/
DESCRIPTION: A vulnerability has been reported in Unbound, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a memory alignment error, which can potentially be exploited to cause a crash on 64-bit platforms.
The [...]


Ubuntu update for MoinMoin

SECUNIA ADVISORY ID: SA38874
VERIFY ADVISORY: http://secunia.com/advisories/38874/
DESCRIPTION: Ubuntu has issued an update for MoinMoin. This fixes some vulnerabilities, with an unknown impact.
For more information: SA38444
SOLUTION: Apply updated packages.
– Ubuntu 6.06 LTS –
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.diff.gz Size/MD5: 47842 c9de4722f63975d5b0d549f4541faefb
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.5.dsc Size/MD5: 711 4261e09e14aba68d31430e62fad58b96
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz Size/MD5: 3975925 689ed7aa9619aa207398b996d68b4b87
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.5_all.deb Size/MD5: 1508744 e4635b7122dc5791d393c23a50442f59
http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.5_all.deb Size/MD5: 70056 [...]


Debian update for moin

SECUNIA ADVISORY ID: SA38903
VERIFY ADVISORY: http://secunia.com/advisories/38903/
DESCRIPTION: Debian has issued an update for moin. This fixes multiple vulnerabilities with an unknown impact.
For more information: SA38444
SOLUTION: Apply updated packages.
– Debian (stable) –
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/m/moin/moin_1.7.1-3+lenny3.dsc Size/MD5 checksum: [...]


IBM ENOVIA SmarTeam V5 “errMsg” Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID: SA38878
VERIFY ADVISORY: http://secunia.com/advisories/38878/
DESCRIPTION: Yaniv Miron has reported a vulnerability in IBM ENOVIA SmarTeam V5, which can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the “errMsg” parameter in WebEditor/Authentication/LoginPage.aspx is not properly sanitised before being returned to the user. This [...]


Debian update for egroupware

SECUNIA ADVISORY ID: SA38924
VERIFY ADVISORY: http://secunia.com/advisories/38924/
DESCRIPTION: Debian has issued an update for egroupware. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system.
For more information: SA38859
SOLUTION: Apply updated packages.
– Debian GNU/Linux 5.0 alias lenny –
Source archives:
http://security.debian.org/pool/updates/main/e/egroupware/egroupware_1.4.004-2.dfsg-4.2.diff.gz Size/MD5 checksum: 35229 1da727f1fb571ac148883ff1cd0d270d [...]
