Adobe Reader CLOD Progressive Mesh Continuation Resolution Remote Code Execution
updated: 4-Jul-10
A vulnerability was reported in Adobe Reader and Adobe Acrobat when the application parses a PDF file containing a malformed CLOD Progressive Mesh Continuation Resolution Update. Specific values can cause a memory corruption during floating point operations which can be subsequently leveraged to achieve arbitrary code execution under the privileges of the current user.
Install the update from Adobe.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-116
http://www.adobe.com/support/security/bulletins/apsb10-15.html
Joomla BookLibrary Component Four SQL Injection
updated: 4-Jul-10
Multiple vulnerabilities were reported in the BookLibrary 1.5.3 Basic component for Joomla, which can be exploited by malicious people to conduct SQL injection attacks.
Successful exploitation requires that "magic_quotes_gpc" is disabled. Update to version 1.5.3_2010_06_20.
Reference http://secunia.com/secunia_research/2010-84/
Adobe Reader GIF Image Parsing Array-Indexing
updated: 4-Jul-10
A vulnerability was reported in Adobe Reader 9.3.2, caused by an array-indexing error in AcroForm.api when parsing GIF image data. This can be exploited to bypass a size check to cause a heap-based buffer overflow when a specially crafted PDF file is opened.
Successful exploitation may allow execution of arbitrary code. Update to version 8.2.3 or 9.3.3.
Reference http://secunia.com/secunia_research/2010-88/
Adobe Reader JPEG Uninitialised Memory Vulnerability
updated: 4-Jul-10
A vulnerability was reported in Adobe Reader 9.3.2, caused by an uninitialised memory error in AcroForm.api when processing JPEG image data. This can be exploited to dereference out-of-bounds memory when a specially crafted PDF file is opened.
Successful exploitation may allow execution of arbitrary code. Update to version 8.2.3 or 9.3.3.
Reference http://secunia.com/secunia_research/2010-74/
SAP Web module OLK SQL Injection
updated: 4-Jul-10
The forms Price From, Price To, Inventory greater than, and some others in the "Advanced Search" are vulnerable to SQL injection, allowing an attacker to review or execute commands in the local database (according to the web server's configuration).
D-Link DAP-1160 Authentication Bypass
updated: 4-Jul-10
Administration interface authentication can be bypassed by accessing a specific URL shortly after device reboot. D-Link DAP-1160 loaded with firmware versions v120b06, v130b10, and v131b01 are affected.
Multiple Vendor LibTIFF 3.9.2 Stack Buffer Overflow Vulnerability
updated: 4-Jul-10
A stack buffer overflow vulnerability was reported in LibTIFF 3.9.2, as included in various vendors' operating system distributions, which could allow an attacker to execute arbitrary code with the privileges of the current user.
This vulnerability is due to insufficient bounds checking when copying data into a stack-allocated buffer. During the processing of a certain EXIF tag, a fixed-size stack buffer is used as the destination for a memory copy. This memory copy can overflow the bounds of the stack buffer, and this condition may lead to arbitrary code execution.
Install the patches from vendors.
Reference http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=874
http://www.remotesensing.org/libtiff/v3.9.4.html#libtiff
http://www.ubuntu.com/usn/usn-954-1
https://bugzilla.redhat.com/show_bug.cgi?id=599576
TaskFreak "tznMessage" Cross-Site Scripting Vulnerability
updated: 4-Jul-10
A vulnerability was reported in TaskFreak 0.6.4: input passed to the "tznMessage" parameter in logout.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Update to version 0.6.4.
Reference http://secunia.com/secunia_research/2010-78/
TaskFreak "password" SQL Injection Vulnerability
updated: 4-Jul-10
A vulnerability was reported in TaskFreak 0.6.3: input passed via the "password" parameter to login.php (when "username" is set to a valid user) is not properly sanitised before being used in a SQL query in include/classes/tzn_user.php. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows bypassing the authentication mechanism, but requires that "magic_quotes_gpc" is disabled. Update to version 0.6.4.
Reference http://secunia.com/secunia_research/2010-79/
Denial-of-Service Vulnerability in IDA Pro
updated: 4-Jul-10
IDA Pro 3.76 to 5.6 uses different file loaders to disassemble files of different formats (PE, ELF, etc.). The loader for QNX files contains a vulnerability that allows a specially crafted file to cause the loader to go into an infinite loop, thereby consuming 100% of CPU resources and preventing disassembly.
Cisco ASA HTTP Response Splitting Vulnerability
updated: 4-Jul-10
Cisco Adaptive Security Appliance (ASA) 8.1(1) and earlier is vulnerable to HTTP response splitting caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim web browser within the security context of the Adaptive Security Appliance site.
Install the fix from Cisco.
Reference http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html
Adobe Flash Player AVM newFrameState Integer Overflow Remote Code Execution
updated: 4-Jul-10
Adobe Flash Player contains a security flaw within the AVM bytecode verifier. Specifically, the newFrameState method performs arithmetic when calculating the size of a stack frame. It implicitly trusts the max_scope and max_stack variables as obtained from the bytecode. By crafting specific values, the integer indicating the size of the frame can be made to overflow.
This value is later used during memory copy operations which an attacker can influence to gain arbitrary code execution under the context of the user running the browser.
Install the update from Adobe.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-115
http://www.adobe.com/support/security/bulletins/apsb10-14.html
Adobe Flash Player AVM2 getouterscope Opcode Remote Code Execution
updated: 4-Jul-10
Adobe Flash Player has a vulnerability within the parsing of an undocumented opcode within Adobe's ActionScript Virtual Machine 2 bytecode. The operand to this opcode is used as an offset to a structure and if set to a malicious value can be pointed to attacker controlled data. The structure contains a function pointer that is later called. If an attacker modifies the controlled data pointed to by the invalid offset, this function pointer can be set to point to malicious code thus gaining execution under the context of the user running the browser.
Install the update from Adobe.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-114
http://www.adobe.com/go/apsb10-14
Novell iManager Multiple Vulnerabilities
updated: 4-Jul-10
Versions prior to Novell iManager 2.7.3 ftf4 and Novell iManager 2.7.4 are prone to a stack-based buffer overflow vulnerability that can be exploited by authenticated users to execute arbitrary code, and to an off-by-one error that can be abused by remote, unauthenticated attackers to cause a Denial of Service to the application.
Upgrade to the latest version.
Mozilla Firefox XSLT Sort Remote Code Execution Vulnerability
updated: 4-Jul-10
Mozilla Firefox 3.6.x contains a flaw within a particular XSLT transformation when applied to an XML document. If a large number of elements have this transformation applied to them, the application will misallocate a buffer. Upon usage of this buffer the application will copy more data than allocated thus causing an overflow. This can lead to code execution under the context of the application.
Install the update from vendor.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-113
http://www.mozilla.org/security/announce/2010/mfsa2010-30.html
Apache Axis Session Fixation Vulnerability
updated: 4-Jul-10
A Session Fixation vulnerability was reported in Apache Axis2 <= 1.5. When successfully exploited, this vulnerability allows an attacker to fixate a session cookie in the victim's browser, making session hijacking attacks possible.
HP OpenView SNMP Emanate Master Agent Remote Unauthorized Access
updated: 4-Jul-10
A potential vulnerability has been identified with HP OpenView SNMP Emanate Master Agent Running on HP-UX, Linux, Solaris, and Windows. The vulnerability could be exploited remotely to gain unauthorized access.
HP OpenView SNMP Emanate Master Agent v15.x running on HP-UX, Solaris, Linux, and Windows are affected. Install the fix from HP.
Linksys WAP54Gv3 debug.cgi Cross-Site Scripting
updated: 4-Jul-10
A cross-site scripting vulnerability is present in the debug.cgi page of the WAP54Gv3 loaded with firmware version 3.05.03, which is accessible by using proper debug credentials.
The vulnerability may allow an attacker to access the output of commands during a "Remote blind" attack, where malicious web pages are used by the attacker over the Internet to execute code on a victim access point with private addressing, by leveraging a user's browser as a third-party "reflector".
This would also allow an attacker to extract information and configuration stored on devices that are not even able to access the Internet (e.g. firewall policy, gateway not configured).
Skype Client for Mac Chat Unicode Denial of Service
updated: 4-Jul-10
A denial of service vulnerability was reported in Skype for Apple Mac OS X (version 2.8). If a vulnerable client receives a malicious message, the message and all further messages will be received but not displayed.
After receiving a malicious message, the attacked client is no longer able to use the chat feature. Furthermore, some other elements of the application can no longer be used (e.g. reviewing the chat history).
Reference http://www.scip.ch/?vuldb.4142
http://developer.skype.com/jira/browse/SCM-681
Adobe Flash Player LocalConnection Memory Corruption Remote Code Execution
updated: 4-Jul-10
Adobe Flash Player contains a flaw within the connect method exposed via the ActionScript native object number 2200. If this function is called several times with differing strings, a memory corruption issue can be triggered. This can be exploited by remote attackers to execute arbitrary code under the context of the user running the web browser.
Install the update from Adobe.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-111
http://www.adobe.com/support/security/bulletins/apsb10-14.html
Novell Access Manager Arbitrary File Upload Remote Code Execution
updated: 4-Jul-10
Novell Access Manager contains a flaw within the PortalModuleInstallManager component of the Novell Management Console, which exists within the servlet located within nps.jar. Due to a failure to sanitize '../' directory traversal modifiers from a parameter, an attacker can specify any filename to upload arbitrary contents into. Successful exploitation can result in code execution under the context of the service.
Install the update from Novell.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-112
http://www.novell.com/support/php/search.do?cmd=displayKC&docType=kc&externalId=7006255&sliceId=1&docTypeID=DT_TID_1_1&dialogID=149517296&stateId=0%200%20149513677
Adobe Flash Player Multiple Atom MP4 Parsing Remote Code Execution
updated: 4-Jul-10
Adobe Flash Player contains a flaw within the code responsible for parsing embedded MP4 files. When handling the STSC, STSZ, and STCO atoms the player can be made to improperly calculate length values later used as size parameters during memory copy operations. By providing a specially crafted file an attacker can corrupt heap memory and execute arbitrary code under the context of the currently logged in user.
Install the update from Adobe.
Reference http://www.adobe.com/support/security/bulletins/apsb10-14.html
http://www.zerodayinitiative.com/advisories/ZDI-10-109
Adobe Flash Player Multiple Tag JPEG Parsing Remote Code Execution
updated: 4-Jul-10
Adobe Flash Player has a flaw within the code for parsing embedded image data within SWF files. The DefineBits tag and several of its variations are prone to a parsing issue while handling JPEG data. Specifically, the vulnerability is due to decompression routines that do not validate image dimensions sufficiently before performing operations on heap memory. An attacker can exploit this vulnerability to execute arbitrary code under the context of the user running the browser.
Install the update from Adobe.
Reference http://www.adobe.com/support/security/bulletins/apsb10-14.html
http://www.zerodayinitiative.com/advisories/ZDI-10-110
UnrealIRCd Multiple vulnerabilities
updated: 4-Jul-10
Multiple vulnerabilities have been reported in UnrealIRCd < 3.2.8.1-r1. A remote attacker could exploit these vulnerabilities to cause the execution of arbitrary commands with the privileges of the user running UnrealIRCd, or a Denial of Service condition.
Upgrade to the latest version.
Reference http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt
http://www.unrealircd.com/txt/unrealsecadvisory.20100612.txt
Creative Software AutoUpdate Engine 2 ActiveX Control Buffer Overflow
updated: 4-Jul-10
A vulnerability was reported in Creative Software AutoUpdate Engine 2.0.12.0 ActiveX control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in a callback function used when handling the "BrowseFolder()" method. This can be exploited to cause a stack-based buffer overflow via an overly long string argument.
Successful exploitation allows execution of arbitrary code. Set the kill-bit for the affected ActiveX control.
Upgrade to version 2.0.13 or later.
Reference http://secunia.com/secunia_research/2010-52/
Multiple Sourcefire Products Static Web SSL Keys Vulnerability
updated: 4-Jul-10
Sourcefire 3D Sensor and Defense Center contain a flaw within the reuse of private SSL keys for multiple devices and installations. The keypair is stored in /etc/ssl/server.crt and /etc/ssl/server.key. Disclosure of the private key allows an attacker to decrypt and monitor SSL communications with the target.
Replace the static keys with custom keys. These instructions can be found in the installation guide for your product (available on the Sourcefire support site).
Reference https://support.sourcefire.com/notices/notice/1437
http://www.zerodayinitiative.com/advisories/ZDI-10-107
Multiple Vendor WebKit HTML Caption Use After Free Vulnerability
updated: 4-Jul-10
A memory corruption vulnerability was reported in WebKit, as included with Google Chrome (3.0.195.38 and 4.0.249.78) and Safari 4.0.4 (Windows XP/OS X 10.5.8). The vulnerability occurs when a certain property of an HTML element with a caption is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker-controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code.
Install the fix from the developers.
Sophos Anti-Virus SAVOnAccessFilter Local Privilege Escalation
updated: 4-Jul-10
Sophos Anti-Virus contains a flaw in the handling of the system call NtQueryAttributesFile by the filter driver savonaccessfilter.sys. Due to improper handling of parameters to the function, pool corruption can occur in kernel space. A local attacker can leverage this to execute arbitrary code in ring 0.
Install the update from Sophos.
Reference http://www.sophos.com/support/knowledgebase/article/111126.html
Juniper Secure Access series (Juniper IVE) authenticated XSS & REDIRECTION
updated: 4-Jul-10
There are multiple authenticated cross-site scripting and redirection vulnerabilities in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951).
An attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link or visits a malicious webpage. The malicious code would run in the security context of the vulnerable website.
Update to version 6.5R3.1 (build 15255) or later.
Reference http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-05-751&viewMode=view
McAfee UTM Firewall Help Reflected Cross-Site Scripting
updated: 4-Jul-10
The help feature of the McAfee UTM Firewall (Firmware 3.0.0 to 4.0.6) management console is vulnerable to reflected cross-site scripting.
It could allow an attacker to cause a user to execute attacker-supplied JavaScript code. This attack requires that the target has an existing valid session logged into the UTM device and that the attacker knows the internal IP address of the UTM device.
Upgrade to UTM Firewall Firmware 4.0.7.
Reference http://ngenuity-is.com/advisories/2010/jun/9/mcafee-utm-firewall-help-cross-site-scripting/
Cisco Application Extension Platform Privilege Escalation
updated: 4-Jul-10
The Cisco Application Extension Platform contains a privilege escalation vulnerability in the tech support diagnostic shell that may allow an authenticated user to obtain administrative access to a vulnerable Cisco Application Extension Platform module. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.
Cisco Application Extension Platform version 1.1 and 1.1.5 are affected. Install the fix from Cisco.
Reference http://www.cisco.com/warp/public/707/cisco-sa-20100609-axp.shtml
Vulnerabilities in Cisco Unified Contact Center Express
updated: 4-Jul-10
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of service (DoS) vulnerability and a directory traversal vulnerability. These vulnerabilities are independent of each other.
Install the fix from Cisco.
Reference http://www.cisco.com/warp/public/707/cisco-sa-20100609-uccx.shtml
HP OpenView Network Node Manager Remote Code Execution
updated: 4-Jul-10
Potential security vulnerabilities have been identified with HP OpenView Network Node Manager (OV NNM). These vulnerabilities could be exploited remotely to execute arbitrary code under the context of the user running the web server.
HP OpenView Network Node Manager (OV NNM) v7.51, v7.53 running on HP-UX, Linux, Solaris, and Windows are affected. Install the fix from HP.
Vulnerability in Microsoft .NET Framework Could Allow Tampering
updated: 4-Jul-10
A data tampering vulnerability exists in the Microsoft .NET Framework that could allow an attacker to tamper with signed XML content without being detected. In custom applications, the security impact depends on the specific usage scenario. Scenarios in which signed XML messages are transmitted over a secure channel (such as SSL) are not affected by this vulnerability.
Microsoft .NET Framework for Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-041.mspx
Vulnerability in Internet Information Services Could Allow Remote Code Execution
updated: 4-Jul-10
A remote code execution vulnerability exists in Internet Information Services (IIS). The vulnerability is due to improper parsing of authentication information. An attacker who successfully exploited this vulnerability could execute code in the context of the Worker Process Identity (WPI).
IIS 6.0, IIS 7.0, and IIS 7.5 are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-040.mspx
Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege
updated: 4-Jul-10
3 vulnerabilities were reported in Microsoft SharePoint. The most severe vulnerability could allow elevation of privilege if an attacker convinced a user of a targeted SharePoint site to click on a specially crafted link.
Microsoft SharePoint Services 3.0 and all supported editions of Microsoft Office InfoPath 2003, Microsoft Office InfoPath 2007, and Microsoft Office SharePoint Server 2007 are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-039.mspx
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
updated: 4-Jul-10
14 vulnerabilities were reported in Microsoft Office. The more severe vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
All supported editions of Microsoft Office Excel 2002, Excel 2003, Excel 2007, Office 2004 for Mac, and Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Excel Viewer and Microsoft Office Compatibility Pack are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-038.mspx
Vulnerability in the OpenType Compact Font Format (CFF) Driver Could Allow Elevation of Privilege
updated: 4-Jul-10
An elevation of privilege vulnerability exists in the Windows OpenType Compact Font Format (CFF) driver due to improper validation of certain data passed from user mode to kernel mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
All supported editions of Microsoft Windows are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-037.mspx
Vulnerability in COM Validation in Microsoft Office Could Allow Remote Code Execution
updated: 4-Jul-10
A remote code execution vulnerability exists in the way that affected Microsoft Office software validates COM object instantiation. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Microsoft Office 2003 and the 2007 Microsoft Office system are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-036.mspx
Cumulative Security Update for Internet Explorer
updated: 4-Jul-10
This security update resolves five privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Affected: Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows clients (rated Critical); and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on Windows servers (rated Moderate). Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-035.mspx
Cumulative Security Update of ActiveX Kill Bits
updated: 4-Jul-10
2 vulnerabilities were reported for Microsoft software. This security update is rated Critical for all supported editions of Microsoft Windows 2000, Windows XP, Windows Vista, and Windows 7, and Moderate for all supported editions of Windows Server 2003, Windows Server 2008, and Windows Server 2008 R2.
The vulnerabilities could allow remote code execution if a user views a specially crafted Web page that instantiates a specific ActiveX control with Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This update also includes kill bits for four third-party ActiveX controls.
Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-034.mspx
Vulnerabilities in Media Decompression Could Allow Remote Code Execution
updated: 4-Jul-10
2 vulnerabilities were reported in Microsoft Windows. These vulnerabilities could allow remote code execution if a user opens a specially crafted media file or receives specially crafted streaming content from a Web site or any application that delivers Web content.
An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-033.mspx
Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege
updated: 4-Jul-10
3 vulnerabilities were reported in the Windows kernel-mode drivers. The vulnerabilities could allow elevation of privilege if a user views content rendered in a specially crafted TrueType font.
This security update is rated Important for all supported releases of Microsoft Windows. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/bulletin/ms10-032.mspx
HP OpenView NNM ovutil.dll getProxiedStorageAddress Remote Code Execution
updated: 4-Jul-10
Hewlett-Packard OpenView Network Node Manager contains a flaw within the ovutil.dll module which is loaded by the ovwebsnmpsrv.exe process which in turn can be reached remotely through the jovgraph.exe CGI program. By supplying overly large values to variables passed through an HTTP request a sprintf can be made to overflow a static buffer. An attacker can leverage this to execute arbitrary code under the context of the user running the webserver.
Install the update from HP.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-106
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02217439
Core FTP Server Denial of Service
updated: 4-Jul-10
Several Denial of Service vulnerabilities exist in the SFTP module of Core FTP Server 1.0 build 347. The unsafe commands include "open" and "stat", which cannot handle overlong strings properly.
Core FTP mini-sftp-server Several DoS and Directory Traversal Vulnerabilities
updated: 4-Jul-10
Several Denial of Service and Directory Traversal vulnerabilities were reported in Core FTP mini-sftp-server 1.19. A PoC exploit has been published.
Asterisk Multiple vulnerabilities
updated: 4-Jul-10
Multiple vulnerabilities were reported in Asterisk < 1.2.37. A remote attacker could exploit these vulnerabilities by sending a specially crafted package, possibly causing a Denial of Service condition, or resulting in information disclosure.
Upgrade to the latest version.
Reference http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7220
Bugzilla Multiple Vulnerabilities
updated: 4-Jul-10
Bugzilla < 3.2.6 was prone to multiple medium severity vulnerabilities. A remote attacker might be able to disclose local files, bug information, passwords, and other data under certain circumstances. Furthermore, a remote attacker could conduct SQL injection, Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via various vectors.
Upgrade to the latest version.
Reference http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4437
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0481
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0482
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0483
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0484
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0485
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3989
RSA Key Manager SQL injection Vulnerability
updated: 4-Jul-10
RSA Key Manager Client 1.5.x uses an SQLite database to cache its encryption keys. The software fails to properly validate the metadata embedded inside RSA Key Manager encrypted data when it performs a key lookup while the encrypted data is being decrypted.
An attacker can inject SQL commands into the metadata section of the RSA Key Manager encrypted data, which will be executed by the Key Manager Client software. For example, an attacker can inject SQL statements to modify existing encryption keys, remove existing encryption keys, add new encryption keys, etc.