Archive for 2 February 2010

Cisco Secure Desktop Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID: SA38397
VERIFY ADVISORY: http://secunia.com/advisories/38397/
DESCRIPTION: A vulnerability has been reported in Cisco Secure Desktop, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via a POST request to the “/translation” script of the web interface is not properly sanitised before being [...]

Linux Kernel 2.4 e1000 Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA38394
VERIFY ADVISORY: http://secunia.com/advisories/38394/
DESCRIPTION: A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an error in the “e1000_clean_rx_irq()” function in drivers/net/e1000/e1000_main.c. For more [...]

lighttpd Slow Request Denial of Service Vulnerability

SECUNIA ADVISORY ID: SA38403
VERIFY ADVISORY: http://secunia.com/advisories/38403/
DESCRIPTION: A vulnerability has been reported in lighttpd, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to the server allocating several kilobytes of heap memory for each received network packet. [...]

(nv2) Awards “id” SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA38407
VERIFY ADVISORY: http://secunia.com/advisories/38407/
DESCRIPTION: A vulnerability has been reported in (nv2) Awards, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the “id” parameter in index.php (if “autocom” is set to “awards” and “do” is set to “view”) is [...]

jBCrypt Character Encoding Security Issue

SECUNIA ADVISORY ID: SA38432
VERIFY ADVISORY: http://secunia.com/advisories/38432/
DESCRIPTION: A security issue has been reported in jBCrypt, which can potentially be exploited by malicious people to conduct brute-force attacks. The security issue is caused due to the application replacing non-US-ASCII characters in passwords with a “?” character before building the hash, [...]

IBM Java TLS Session Renegotiation Plaintext Injection

SECUNIA ADVISORY ID: SA38355
VERIFY ADVISORY: http://secunia.com/advisories/38355/
DESCRIPTION: IBM has acknowledged a vulnerability in IBM Java, which can be exploited by malicious people to manipulate certain data.
This is related to: SA37291
The vulnerability is reported in IBM Java version 6 SR7 and earlier, IBM Java version 5.0 [...]

Adobe ColdFusion Solr Collections Information Disclosure

SECUNIA ADVISORY ID: SA38387
VERIFY ADVISORY: http://secunia.com/advisories/38387/
DESCRIPTION: A vulnerability has been reported in Adobe ColdFusion, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to access to collections created by the Solr service being unrestricted. This can be exploited to search [...]

Fedora update for fuse

SECUNIA ADVISORY ID: SA38287
VERIFY ADVISORY: http://secunia.com/advisories/38287/
DESCRIPTION: Fedora has issued an update for fuse. This fixes a security issue, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
For more information: SA38261
SOLUTION: Apply updated packages via the yum utility (“yum update fuse”).
ORIGINAL [...]

Fedora update for gzip

SECUNIA ADVISORY ID: SA38312
VERIFY ADVISORY: http://secunia.com/advisories/38312/
DESCRIPTION: Fedora has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user’s system.
For more information: SA38132 SA38220
SOLUTION: Apply updated packages via the yum [...]

VMware Products JRE Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA38438
VERIFY ADVISORY: http://secunia.com/advisories/38438/
DESCRIPTION: Some vulnerabilities have been reported in multiple VMware products, which can be exploited by malicious people to potentially disclose sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a user’s system.
For more information: SA37231
The vulnerabilities [...]
