Archive for February 1, 2010
Joomla! Documents Seller Component “category_id” SQL Injection Vulnerability
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
SECUNIA ADVISORY ID: SA38410
VERIFY ADVISORY: http://secunia.com/advisories/38410/
DESCRIPTION: A vulnerability has been reported in the Documents Seller component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the “category_id” parameter in index.php (when “option” is set to “com_dms” and [...]
Joomla! jVideoDirect Component “v” SQL Injection Vulnerability
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
SECUNIA ADVISORY ID: SA38436
VERIFY ADVISORY: http://secunia.com/advisories/38436/
DESCRIPTION: A vulnerability has been discovered in the jVideoDirect component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the “v” parameter in index.php (when “option” is set to “com_jvideodirect”) is not properly [...]
MoinMoin Unspecified Vulnerability
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
SECUNIA ADVISORY ID: SA38444
VERIFY ADVISORY: http://secunia.com/advisories/38444/
DESCRIPTION: A vulnerability with an unknown impact has been reported in MoinMoin. The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in versions 1.5.0 through 1.9.1.
SOLUTION: The vendor recommends to remove any user names [...]
Joomla! JE Quiz Component “eid” SQL Injection Vulnerability
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
SECUNIA ADVISORY ID: SA38412
VERIFY ADVISORY: http://secunia.com/advisories/38412/
DESCRIPTION: A vulnerability has been reported in the JE Quiz component for Joomla!, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the “eid” parameter in index.php (when “option” is set to “com_jequizmanagement” and [...]
Python expat Module XML Processing Denial of Service
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
SECUNIA ADVISORY ID: SA38442
VERIFY ADVISORY: http://secunia.com/advisories/38442/
DESCRIPTION: Some vulnerabilities have been reported in Python, which can be exploited by malicious people to cause a DoS (Denial of Service). For more information: SA36425
SOLUTION: Update to version 2.5.5.
ORIGINAL ADVISORY: http://www.python.org/download/releases/2.5.5/NEWS.txt
OTHER REFERENCES: SA36425: http://secunia.com/advisories/36425/
[...]
Linux Kernel 64bit Personality Handling Denial of Service
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
SECUNIA ADVISORY ID: SA38354
VERIFY ADVISORY: http://secunia.com/advisories/38354/
DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an error when setting the personality of a process, [...]
phpunity.newsmanager “id” File Disclosure Vulnerability
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
SECUNIA ADVISORY ID: SA38409
VERIFY ADVISORY: http://secunia.com/advisories/38409/
DESCRIPTION: A vulnerability has been discovered in phpunity.newsmanager, which can be exploited by malicious people to disclose potentially sensitive information. Input passed to the “id” parameter in misc/tell_a_friend/tell.php is not properly verified before being used to read files. This can be exploited to [...]
Vulnerability Summary for the Week of January 25, 2010
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
This bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) the week of January 25, 2010. It is available here: http://www.us-cert.gov/cas/bulletins/SB10-032.html For instructions on subscribing to or unsubscribing from this mailing [...]
Multiple Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
CERT-Bund Advisory
BRIEF INFO CB-K10/0040
Title: Samba, FUSE, ncpfs: Multiple Vulnerabilities
Date: 01.02.2010
Software: Open Source Samba, Red Hat Fedora 12, Red Hat Fedora 11
Platform: UNIX, Linux
Impact: Denial of Service
Remote attack: No
Risk: low
Reference: https://admin.fedoraproject.org/updates/F11/FEDORA-2010-1190
DESCRIPTION: Samba is an open source software suite that implements print and file services for SMB/CIFS clients. FUSE (“Filesystem [...]
Multiple Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Monday, February 1, 2010
CERT-Bund Advisory
BRIEF INFO CB-K10/0001 UPDATE 1
Title: Sendmail: Multiple Vulnerabilities
Date: 01.02.2010
Software: Open Source sendmail < 8.14.4
Platform: UNIX, Linux
Impact: Bypassing security measures
Remote attack: Yes
Risk: high
Reference: http://www.sendmail.org/releases/8.14.4
DESCRIPTION: Sendmail is a mail transfer agent for UNIX operating systems. An attacker can exploit multiple vulnerabilities in Sendmail so that the confidentiality, integrity and [...]
