Archive for March 1, 2010
ScriptsFeed Dating Software “txtgender” and “txtlookgender” SQL Injection Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
ScriptsFeed Dating Software “txtgender” and “txtlookgender” SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA38767 VERIFY ADVISORY: http://secunia.com/advisories/38767/ DESCRIPTION: Some vulnerabilities have been reported in ScriptsFeed Dating Software, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the “txtgender” and “txtlookgender” parameters in searchmatch.php is not properly sanitised before being used [...]
FtpDisc FTP “GET” Buffer Overflow Vulnerability
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
FtpDisc FTP “GET” Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA38724 VERIFY ADVISORY: http://secunia.com/advisories/38724/ DESCRIPTION: A vulnerability has been reported in FtpDisc, which can be exploited by malicious users to cause a DoS (Denial of Service) and potentially compromise the application. The vulnerability is caused due to a boundary error when processing certain FTP commands, which [...]
Joomla YaNC Component “listid” SQL Injection Vulnerability
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
Joomla YaNC Component “listid” SQL Injection Vulnerability SECUNIA ADVISORY ID: SA38780 VERIFY ADVISORY: http://secunia.com/advisories/38780/ DESCRIPTION: A vulnerability has been reported in the YaNC component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via the “listid” parameter to index.php (when “option” is set to “com_yanc”) is not properly [...]
IBM Lotus Domino Web Access Multiple Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
IBM Lotus Domino Web Access Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38755 VERIFY ADVISORY: http://secunia.com/advisories/38755/ DESCRIPTION: Some vulnerabilities have been reported in IBM Lotus Domino Web Access, where some have an unknown impact and others can potentially be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks or to compromise a user’s [...]
Baykus Yemek Tarifleri Scripti SQL Injection Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
Baykus Yemek Tarifleri Scripti SQL Injection Vulnerabilities SECUNIA ADVISORY ID: SA38760 VERIFY ADVISORY: http://secunia.com/advisories/38760/ DESCRIPTION: Some vulnerabilities have been discovered in Baykus Yemek Tarifleri Scripti, which can be exploited by malicious people to conduct SQL injection attacks. 1) Input passed to the “id” parameter in oku.php is not properly sanitised before being used in SQL [...]
Vulnerability Summary for the Week of February 22, 2010
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
Vulnerability Summary for the Week of February 22, 2010 This bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) the week of February 22, 2010. It is available here: http://www.us-cert.gov/cas/bulletins/SB10-060.html For instructions on subscribing to or unsubscribing from this mailing [...]
IBM Lotus Domino Web Access / iNotes ActiveX Control Buffer Overflow
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
IBM Lotus Domino Web Access / iNotes ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA38681 VERIFY ADVISORY: http://secunia.com/advisories/38681/ DESCRIPTION: A vulnerability has been reported in IBM Lotus Domino Web Access / iNotes, which can be exploited by malicious people to compromise a user’s system. An unspecified error in the Domino Web Access ActiveX control can [...]
DeDeCMS Authentication Security Bypass
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
DeDeCMS Authentication Security Bypass SECUNIA ADVISORY ID: SA38790 VERIFY ADVISORY: http://secunia.com/advisories/38790/ DESCRIPTION: Wolves Security Team has discovered a vulnerability in DeDeCMS, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error within the authentication mechanism in include/userlogin.class.php, which can be exploited to bypass the authentication [...]
IBM Lotus Domino Web Access 6 ActiveX Control Buffer Overflow
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
IBM Lotus Domino Web Access 6 ActiveX Control Buffer Overflow SECUNIA ADVISORY ID: SA38744 VERIFY ADVISORY: http://secunia.com/advisories/38744/ DESCRIPTION: A vulnerability has been reported in IBM Lotus Domino Web Access, which can be exploited by malicious people to compromise a user’s system. For more information: SA38681 SOLUTION: Set the kill-bit for the affected ActiveX controls. ORIGINAL [...]
Multiple Vulnerabilities
Posted by Stefan under Bugs / Error Reports on Monday, March 1, 2010
CERT-Bund Advisory: BRIEF INFO CB-K10/0084 Title: Novell eDirectory: Multiple Vulnerabilities Date: 01.03.2010 Software: Novell eDirectory 8.8.5 Platform: Windows Impact: Execution of arbitrary program code with user privileges Remote attack: Yes Risk: medium Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4655 DESCRIPTION Novell eDirectory is a “cross-platform” LDAP (“Lightweight” Directory Access “Protocol”) server that also implements NCP over IP, which serves as the basis for Novell's Identity and Access [...]
