Archive for March 3, 2010
TYPO3 Calendar Base Extension SQL Injection Vulnerability
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
TYPO3 Calendar Base Extension SQL Injection Vulnerability SECUNIA ADVISORY ID: SA38745 VERIFY ADVISORY: http://secunia.com/advisories/38745/ DESCRIPTION: A vulnerability has been reported in the Calendar Base extension for TYPO3, which can be exploited by malicious people to conduct SQL injection attacks. Certain unspecified input is not properly sanitised before being used in SQL queries. This can be [...]
SUSE update for kernel
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
SUSE update for kernel SECUNIA ADVISORY ID: SA38779 VERIFY ADVISORY: http://secunia.com/advisories/38779/ DESCRIPTION: SUSE has issued an update for the kernel. This fixes some security issues and some vulnerabilities, which can be exploited by malicious, local users to manipulate certain data, bypass certain security restrictions, disclose potentially sensitive information, cause a DoS (Denial of Service), and [...]
Oracle Siebel CRM Cross-Site Scripting Vulnerability
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
Oracle Siebel CRM Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA38806 VERIFY ADVISORY: http://secunia.com/advisories/38806/ DESCRIPTION: Yaniv Miron has reported a vulnerability in Oracle Siebel CRM, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the URL to htim_enu/start.swe is not properly sanitised before being returned to the user. This can [...]
ARISg “errmsg” Cross-Site Scripting Vulnerability
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
ARISg “errmsg” Cross-Site Scripting Vulnerability SECUNIA ADVISORY ID: SA38793 VERIFY ADVISORY: http://secunia.com/advisories/38793/ DESCRIPTION: Yaniv Miron has reported a vulnerability in ARISg, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via the “errmsg” parameter to wflogin.jsp is not properly sanitised before being returned to the user. This can be exploited [...]
DFD Cart Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
DFD Cart Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA38635 VERIFY ADVISORY: http://secunia.com/advisories/38635/ DESCRIPTION: Russ McRee has discovered some vulnerabilities in DFD Cart, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. 1) Input passed to the “category” parameter in your.order.php and to the “category” [...]
Slackware update for openssl
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
Slackware update for openssl SECUNIA ADVISORY ID: SA38761 VERIFY ADVISORY: http://secunia.com/advisories/38761/ DESCRIPTION: Slackware has issued an update for openssl. This fixes some vulnerabilities, one of which has unknown impacts and others that can be exploited by malicious users and malicious people to cause a DoS (Denial of Service). For more information: SA28046 SA35128 SA37291 SA38200 [...]
Apache HTTP Server Multiple Vulnerabilities
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
Apache HTTP Server Multiple Vulnerabilities SECUNIA ADVISORY ID: SA38776 VERIFY ADVISORY: http://secunia.com/advisories/38776/ DESCRIPTION: Some vulnerabilities have been reported in Apache HTTP Server, where one has unknown impacts and others can be exploited by malicious people to gain access to potentially sensitive information or cause a DoS (Denial of Service). 1) The “ap_proxy_ajp_request()” function in modules/proxy/mod_proxy_ajp.c [...]
U.S. Census Bureau 2010 Census Campaign Warning
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
US-CERT Current Activity U.S. Census Bureau 2010 Census Campaign Warning Original release date: March 3, 2010 at 11:21 am Last revised: March 3, 2010 at 11:21 am US-CERT asks users to be vigilant during the U.S. Census Bureau’s 2010 Census campaign and to watch for potential census scams. According to the U.S. Census 2010 website, [...]
015
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
US-CERT Current Activity Microsoft Re-Releases Security Bulletin MS10-015 Original release date: March 3, 2010 at 10:02 am Last revised: March 3, 2010 at 10:02 am Microsoft has re-released the security update described in Microsoft Security Bulletin MS10-015. This release contains an updated installation package that does not allow the security update to be installed on [...]
Vulnerabilities Allow Privilege Escalation
Posted by Stefan in Bugs / Error Messages on Wednesday, March 3, 2010
CERT-Bund Advisory —————– SHORT INFO CB-K10/0083 UPDATE 2 Title: sudo: Vulnerabilities allow privilege escalation Date: 03.03.2010 Software: Open Source sudo 1.6.9 < 1.6.9p21, Open Source sudo 1.7.x < 1.7.2p4 Platform: UNIX, Linux, MacOS X Impact: Privilege escalation Remote attack: No Risk: high Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 DESCRIPTION The sudo program can be used to selectively grant root privileges to ordinary users. The [...]
