Archive for March 5, 2010

CA SiteMinder WebWorks Help Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID: SA38842
VERIFY ADVISORY: http://secunia.com/advisories/38842/
DESCRIPTION: Some vulnerabilities have been reported in CA SiteMinder, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA38749
The vulnerabilities are reported in CA SiteMinder releases 6.0 SP4 and prior.
SOLUTION: Update to the [...]

No comments

smartplugs “domain” SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA38819
VERIFY ADVISORY: http://secunia.com/advisories/38819/
DESCRIPTION: Easy Laster has reported a vulnerability in smartplugs, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the “domain” parameter in showplugs.php is not properly sanitised before being used in SQL queries. This can be exploited [...]

No comments

J. River Media Jukebox MP3 Processing Buffer Overflow

SECUNIA ADVISORY ID: SA38854
VERIFY ADVISORY: http://secunia.com/advisories/38854/
DESCRIPTION: Gjoko ‘LiquidWorm’ Krstic has discovered a vulnerability in J. River Media Jukebox, which can be exploited by malicious people to potentially compromise a user’s system. The vulnerability is caused due to a boundary error when processing MP3 files and [...]

No comments

ePublisher WebWorks Help Cross-Site Scripting Vulnerabilities

SECUNIA ADVISORY ID: SA38749
VERIFY ADVISORY: http://secunia.com/advisories/38749/
DESCRIPTION: Some vulnerabilities have been reported in ePublisher, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed via URL parameters is not properly sanitised within the WebWorks Help files wwhsec.htm, wwhelpwwhimplapi.htm, wwhelpwwhimpl, commonhtmlframeset.htm, and wwhelpwwhimplcommonscriptsswitch.js before being [...]

No comments

CERT PGP Key

New US-CERT PGP Key
US-CERT has generated a new US-CERT Publications PGP key. We use this key to sign all publications, including documents sent to this list. Effective immediately, this new key (key ID 0x093916B7) is available and will be valid until Saturday, October 1, 2011. This key replaces the current PGP key (key ID [...]

No comments

CSS Web Installer ActiveX Control Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID: SA38844
VERIFY ADVISORY: http://secunia.com/advisories/38844/
DESCRIPTION: Multiple vulnerabilities have been discovered in CSS Web Installer ActiveX control, which can be exploited by malicious people to compromise a user’s system. The vulnerabilities are caused due to boundary errors when parsing arguments to the “InstallProduct()”, “InstallProduct1()”, and [...]

No comments

BBSXP Cross-Site Scripting Vulnerability

SECUNIA ADVISORY ID: SA38855
VERIFY ADVISORY: http://secunia.com/advisories/38855/
DESCRIPTION: liscker has discovered a vulnerability in BBSXP, which can be exploited by malicious people to conduct cross-site scripting attacks. Input appended to the URL after e.g. AddPost.asp, AddTopic.asp, Admin_Default.asp, Bank.asp, Manage.asp, and ShowPost.asp is not properly sanitised before being returned to the user. [...]

No comments