Peaches, posted February 4, 2009

Bugzilla Multiple Vulnerabilities

Secunia Advisory: SA33781
Release Date: 2009-02-03
Critical: Moderately critical
Impact: Cross Site Scripting, Exposure of sensitive information
Where: From remote
Solution Status: Vendor Patch
Software: Bugzilla 3.x

Description:
Some vulnerabilities and a security issue have been reported in Bugzilla, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to potentially disclose sensitive information or to conduct cross-site request forgery attacks.

This vulnerability only affects version 3.2.1, 3.0.7, and 3.3.2.

Solution:
Update to version 3.2.2 or 3.3.3.

Secunia advisories for more details: http://secunia.com/advisories/33781/

>>>>>>>>>>>>>

Kaspersky Products klim5.sys Privilege Escalation Vulnerability

Secunia Advisory: SA33788
Release Date: 2009-02-03
Critical: Less critical
Impact: Privilege escalation, DoS
Where: Local system
Solution Status: Unpatched
Software: Kaspersky Anti-Virus 7.x, Kaspersky Anti-Virus for Windows Workstations 6.x

Description:
Ruben Santamarta has reported a vulnerability in multiple Kaspersky products, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges.

The vulnerability is caused due to an error in the klim5.sys driver when handling IOCTL 0x80052110. This can be exploited to overwrite callback function pointers and execute arbitrary code with escalated privileges.

Solution:
Restrict local access to trusted users only.

Secunia advisories: http://secunia.com/advisories/33788/

>>>>>>>>>>>>>>>>>>>>

phpSlash "generic()" PHP Code Injection Vulnerability

Secunia Advisory: SA33717
Release Date: 2009-02-03
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: phpSlash 0.x

Description:
DarkFig has discovered a vulnerability in phpSlash, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "generic()" function in include/class/tz_env.class is not properly sanitised before being used in a call to "eval()". This can be exploited to inject and execute arbitrary PHP code via a specially crafted "fields" parameter passed to index.php.

The vulnerability is confirmed in version 0.8.1.1. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Secunia advisories: http://secunia.com/advisories/33717/

>>>>>>>>>>

HP NonStop Server DNS Cache Poisoning Vulnerability

Secunia Advisory: SA33786
Release Date: 2009-02-03
Popularity: 331 views
Critical: Moderately critical
Impact: Spoofing
Where: From remote
Solution Status: Vendor Patch
OS: HP NonStop Server 6.x
CVE reference: CVE-2008-1447

Description:
HP has acknowledged a vulnerability in HP NonStop Server, which can be exploited by malicious people to poison the DNS cache.

For more information: SA30973

The vulnerability affects all NonStop Integrity NS-series and NonStop S-series servers.

Solution:
G-Series: Install SPR T0685G06^AAC.
H-Series and J-Series: Install SPR T0685^AAD.

Secunia advisories: http://secunia.com/advisories/33786/

>>>>>>>>>>>>>>>>