ViewVC Regular Expression Search Cross-Site Scripting
updated: 23-Apr-10
ViewVC 1.0.10 and 1.1.4 contain a vulnerability that can be exploited by malicious people to conduct cross-site scripting attacks.
Input passed to the regular expression search functionality is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation requires that the regular expression search functionality is enabled (disabled by default).
Update to version 1.0.11 or 1.1.5.
Reference http://secunia.com/secunia_research/2010-26/
Apache ActiveMQ Persistent Cross-Site Scripting
updated: 23-Apr-10
An input validation vulnerability was reported in Apache Software Foundation's ActiveMQ server prior to 5.3.1 that could allow an attacker to perform a stored or persistent cross-site scripting (XSS) attack.
The code responsible for parsing HTTP requests contains an XSS vulnerability. When the JMSDestination parameter is parsed from a GET request to the /createDestination.action page, its value is inserted directly into the HTML code that can be accessed by using URLs such as /queues.jsp. This allows an attacker to run arbitrary JavaScript in the context of the affected domain of the ActiveMQ administration console.
Upgrade to the latest version.
Reference http://issues.apache.org/activemq/browse/AMQ-2613
Cumulative Security Update for Internet Explorer
updated: 23-Apr-10
10 vulnerabilities were reported in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for all supported releases of Internet Explorer, all of which are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/Bulletin/MS10-018.mspx
Novell Netware FTP Remote Stack Overflow
updated: 23-Apr-10
Novell Netware 6.5 SP8 contains a stack overflow vulnerability. It is possible to overflow the stack and overwrite EIP by sending a mkdir and a rmdir request containing the special characters "~A/" 320 times.
Cisco IOS Software NAT Skinny Call Control Protocol Vulnerability
updated: 23-Apr-10
Crafted Skinny Client Control Protocol (SCCP) messages may cause a Cisco IOS device that is configured with the Network Address Translation (NAT) SCCP Fragmentation Support feature to reload.
Cisco IOS Software Release 12.4(6)T is affected. Install the fix from Cisco.
Reference http://www.cisco.com/warp/public/707/cisco-sa-20100324-sccp.shtml
Cisco IOS Software IPsec Vulnerability
updated: 23-Apr-10
A malformed Internet Key Exchange (IKE) packet may cause a device running Cisco IOS Software to reload. Only Cisco 7200 Series and Cisco 7301 routers running Cisco IOS software with a VPN Acceleration Module 2+ (VAM2+) installed are affected. Cisco has released free software updates that address this vulnerability.
Install the update from Cisco.
Reference http://www.cisco.com/warp/public/707/cisco-sa-20100324-ipsec.shtml
Cisco IOS Software Session Initiation Protocol Denial of Service
updated: 23-Apr-10
Multiple vulnerabilities exist in the Session Initiation Protocol (SIP) implementation in Cisco IOS Software that could allow an unauthenticated, remote attacker to cause a reload of an affected device when SIP operation is enabled. Remote code execution may also be possible.
Install the update from Cisco.
Reference http://www.cisco.com/warp/public/707/cisco-sa-20100324-sip.shtml
Skype Protocol Handler datapath Argument Injection Remote Code Execution
updated: 23-Apr-10
Skype contains a flaw in how the OS web browser passes command line arguments to Skype through the registered 'skype:' protocol handler.
Insufficient sanity checking of the /datapath argument allows an attacker to construct a link that will execute Skype with arbitrary arguments. This can be abused to specify a remote configuration storage directory which can be leveraged to glean target user credentials.
Install the update from the developer.
Reference http://share.skype.com/sites/garage/2010/03/10/ReleaseNotes_4.2.0.155.pdf
SAP MaxDB Malformed Handshake Request Remote Code Execution
updated: 23-Apr-10
SAP MaxDB contains a flaw within the serv.exe process which listens by default on TCP port 7210. The process trusts a value from a handshake packet and uses it as a length when copying data to the stack. If provided a malicious value and packet data, this can be leveraged to execute arbitrary code under the context of the SYSTEM user.
Install the fix from vendor.
Reference https://service.sap.com/sap/support/notes/1409425
Quicksilver Forums Backup Information Disclosure
updated: 23-Apr-10
Quicksilver Forums 1.4.2, PowerDNS Administrator 1.1.8 and QSF Portal 1.4.5 contain a security issue in Quicksilver Forums, which can be exploited by malicious people to disclose potentially sensitive information.
The database backup functionality stores the database backup with a semi-predictable file name inside the web root. This can be exploited to download the backup by guessing the file name.
Do not use the database backup functionality. Restrict access to existing backup files.
Reference http://secunia.com/secunia_research/2010-39/
Quicksilver Forums Cross-Site Request Forgery
updated: 23-Apr-10
Quicksilver Forums 1.4.2, PowerDNS Administrator 1.1.8 and QSF Portal 1.4.5 contain a vulnerability in Quicksilver Forums, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. execute arbitrary SQL queries by tricking a logged-in administrator into visiting a malicious web site.
Do not browse untrusted sites or follow untrusted links while logged in to the application.
Reference http://secunia.com/secunia_research/2010-40/
Quicksilver Forums "mysqldump" Password Disclosure
updated: 23-Apr-10
Quicksilver Forums 1.4.2, PowerDNS Administrator 1.1.8 and QSF Portal 1.4.5 contain a security issue in Quicksilver Forums, which can be exploited by malicious, local users to disclose sensitive information.
The application passes the database password via the command line to the "mysqldump" utility, which may disclose the password via the process list.
Do not use the database backup functionality.
Reference http://secunia.com/secunia_research/2010-38/
Vulnerability in Windows Movie Maker Could Allow Remote Code Execution
updated: 23-Apr-10
A remote code execution vulnerability exists in the way that Windows Movie Maker and Microsoft Producer 2003 handle specially crafted project files. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Windows Movie Maker 2.1, Windows Movie Maker 2.6, Windows Movie Maker 6.0, and Microsoft Producer 2003 are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/Bulletin/MS10-016.mspx
XnView DICOM Parsing Integer Overflow
updated: 23-Apr-10
XnView 1.97 contains a vulnerability, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused by an integer overflow when processing DICOM images with certain dimensions. This can be exploited to cause a heap-based buffer overflow by e.g. tricking a user into opening a specially crafted DICOM file.
Update to version 1.97.2.
Reference http://secunia.com/secunia_research/2009-60/
Multiple Vendor WebKit HTML Element Use After Free Vulnerability
updated: 23-Apr-10
A memory corruption vulnerability was reported in WebKit, as included with multiple vendors' browsers, that could allow an attacker to execute arbitrary code with the privileges of the current user.
The vulnerability occurs when a certain property of an HTML element is reset via JavaScript code. When this occurs, a C++ object is incorrectly accessed after it has been freed. This results in an attacker-controlled value being used as a C++ VTABLE, which leads to the execution of arbitrary code.
Google Chrome 3.0.195.38 and Safari 4.0.4 are affected. Install the fix from the developer.
Reference http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=863
Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution
updated: 23-Apr-10
7 vulnerabilities were reported in Microsoft Office Excel. The vulnerabilities could allow remote code execution if a user opens a specially crafted Excel file. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
All supported editions of Microsoft Office Excel 2002, Microsoft Office Excel 2003, Microsoft Office Excel 2007, Microsoft Office SharePoint Server 2007, Microsoft Office 2004 for Mac, and Microsoft Office 2008 for Mac; Open XML File Format Converter for Mac; and all supported versions of Microsoft Office Excel Viewer and Microsoft Office Compatibility Pack are affected. Install the update from Microsoft.
Reference http://www.microsoft.com/technet/security/Bulletin/MS10-017.mspx
Cisco Unified Communications Manager Denial of Service
updated: 23-Apr-10
Cisco Unified Communications Manager (formerly Cisco CallManager) contains multiple denial of service (DoS) vulnerabilities that, if exploited, could cause an interruption of voice services. The Session Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and Computer Telephony Integration (CTI) Manager services are affected by these vulnerabilities.
Install the fix from Cisco.
Reference http://www.cisco.com/warp/public/707/cisco-sa-20100303-cucm.shtml
Cisco Digital Media Player Remote Display Unauthorized Content Injection
updated: 23-Apr-10
A vulnerability exists in the Cisco Digital Media Player that could allow an unauthenticated attacker to inject video or data content into a remote display.
Install the fix from Cisco.
Reference http://www.cisco.com/warp/public/707/cisco-sa-20100303-dmp.shtml
Novell eDirectory SOAP Request Parsing Denial of Service
updated: 23-Apr-10
Novell eDirectory contains a flaw within the NDS daemon's SOAP service. When a malformed request is made to the novell.embox.connmgr.serverinfo SOAP action, the daemon makes an illegal reference thereby resulting in a denial of service.
Install the update from Novell.
Reference http://www.novell.com/support/viewContent.do?externalId=7005341
Multiple Vendor librpc.dll Signedness Error Remote Code Execution
updated: 23-Apr-10
A vulnerability was reported in the RPC protocol parsing library, librpc.dll, utilized by the ISM Portmapper service (portmap.exe) bound by default to TCP port 36890.
During authentication, the lack of a proper signedness check on a supplied parameter size can result in an exploitable stack-based buffer overflow leading to arbitrary code execution under the context of the SYSTEM user.
IBM Informix and EMC NetWorker are affected. Install the fix from vendor.
Reference http://www.zerodayinitiative.com/advisories/ZDI-10-023
IBM Lotus Domino Web Access ActiveX Stack Buffer Overflow Vulnerability
updated: 23-Apr-10
A stack-based buffer overflow vulnerability exists in the IBM Lotus Domino 6.5, 7.0 and 8.0 Web Access ActiveX control that could allow an attacker to execute arbitrary code with the privileges of the current user.
The vulnerable function takes an attacker-controlled URL, and copies it into a fixed-size stack buffer. No validation checks are performed on the length of the URL. By passing in a long URL string, it is possible to trigger a stack-based buffer overflow, resulting in the execution of arbitrary code.
Install the fix from IBM.
Reference http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg21421808