Bugtraq

Vulnerabilities in CMS WebManager-Pro

Thu, 02 Sep 2010 16:15:24 GMT

Posted by MustLive on Sep 02

Hello Bugtraq!

I want to warn you about SQL Injection and Redirector (URL Redirector Abuse)
vulnerabilities in CMS WebManager-Pro (SecurityVulns ID:11108). It's
Ukrainian commercial CMS.

SQL Injection:

http://site/c.php?id=1%20and%20version()=5

Redirector:

http://site/c.php?id=1&url=http://websecurity.com.ua

Affected products: both systems CMS WebManager-Pro from two developers.
Vulnerable are versions CMS WebManager-Pro up to 8.1...

{PRL} Novell Netware OpenSSH Remote Stack Overflow

Thu, 02 Sep 2010 16:07:17 GMT

Posted by Francis Provencher on Sep 02

#####################################################################################

Application: Novell Netware OpenSSH Remote Stack Overflow

Platforms: Netware 6.5

Exploitation: Remote code execution

CVE Number:

Novell TID: 7006756

ZeroDayInitiative: ZDI-10-169

Author: Francis Provencher (Protek Research Lab's)

Blog: http://www.protekresearchlab.com/...

Moovida Media Player version 2.0.0.15 Insecure DLL Hijacking Vulnerability (libc.dll,quserex.dll)

Thu, 02 Sep 2010 16:05:23 GMT

Posted by YGN Ethical Hacker Group on Sep 02

1. OVERVIEW

The Moovida Media Player application is vulnerable to Insecure DLL
Hijacking Vulnerability. Similar terms that describe this
vulnerability
have been come up with Remote Binary Planting, Unsafe Library Loading,
and Insecure DLL Loading/Injection/Hijacking/Preloading.

2. PRODUCT DESCRIPTION

Moovida Media Player is a free and open source media center that
allows you to enjoy all of your music, video and pictures
in an awsome...

[ MDVSA-2010:168 ] openssl

Thu, 02 Sep 2010 15:57:39 GMT

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:168
http://www.mandriva.com/security/
_______________________________________________________________________

Package : openssl
Date : September 1, 2010
Affected: 2010.1
_______________________________________________________________________

Problem Description:

A vulnerability has been found...

[ MDVSA-2010:169 ] mozilla-thunderbird

Thu, 02 Sep 2010 15:37:52 GMT

Posted by security on Sep 02

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:169
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mozilla-thunderbird
Date : September 2, 2010
Affected: 2008.0, 2009.0, 2010.0, 2010.1
_______________________________________________________________________

Problem...

[USN-982-1] Wget vulnerability

Thu, 02 Sep 2010 15:19:28 GMT

Posted by Marc Deslauriers on Sep 02

===========================================================
Ubuntu Security Notice USN-982-1 September 02, 2010
wget vulnerability
CVE-2010-2252
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 9.04
Ubuntu 9.10
Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem...

XSS vulnerability in ArtGK CMS

Wed, 01 Sep 2010 16:22:09 GMT

Posted by advisory on Sep 01

Vulnerability ID: HTB22588
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_artgk_cms_1.html
Product: ArtGK CMS
Vendor: ArtGK ( http://artgk-cms.ru/ )
Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions
Vendor Notification: 18 August 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking &...

Online Binary Planting Exposure Test

Wed, 01 Sep 2010 15:49:10 GMT

Posted by ACROS Lists on Sep 01

ACROS Security has made the Online Binary Planting Exposure Test publicly accessible
for the benefit of all Windows users. This test should make it easy for users and
administrators to assess their exposure to binary planting attacks originating from
the Internet.

URL: http://www.binaryplanting.com/test.htm

Note that this test is NOT meant to answer whether you're vulnerable (at this point
where so many binary planting vulnerabilities exist out...

XSS vulnerability in Rumba CMS tags

Wed, 01 Sep 2010 15:47:46 GMT

Posted by advisory on Sep 01

Vulnerability ID: HTB22591
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_rumba_cms.html
Product: Rumba CMS
Vendor: Rumba Netware Ltd. ( http://rumbacms.com )
Vulnerable Version: 2.4 and Probably Prior Versions
Vendor Notification: 18 August 2010
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking...

XSS vulnerability in ArtGK CMS forum

Wed, 01 Sep 2010 15:34:18 GMT

Posted by advisory on Sep 01

Vulnerability ID: HTB22587
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_artgk_cms.html
Product: ArtGK CMS
Vendor: ArtGK ( http://artgk-cms.ru/ )
Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions
Vendor Notification: 18 August 2010
Vulnerability Type: XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking &...

XSS vulnerability in Rumba CMS

Wed, 01 Sep 2010 15:27:00 GMT

Posted by advisory on Sep 01

Vulnerability ID: HTB22592
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_rumba_cms_1.html
Product: Rumba CMS
Vendor: Rumba Netware Ltd. ( http://rumbacms.com )
Vulnerable Version: 2.4 and Probably Prior Versions
Vendor Notification: 18 August 2010
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking &...

Tortoise SVN DLL Hijacking Vulnerability

Wed, 01 Sep 2010 15:23:30 GMT

Posted by nikhil_uitrgpv on Sep 01

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2010-3199 to this issue. This is a
candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.

XSS vulnerability in Amiro.CMS FAQ

Wed, 01 Sep 2010 15:13:34 GMT

Posted by advisory on Sep 01

Vulnerability ID: HTB22590
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_amiro_cms_1.html
Product: Amiro.CMS
Vendor: Amiro ( http://www.amiro.ru/ )
Vulnerable Version: 5.8.4.0 and Probably Prior Versions
Vendor Notification: 18 August 2010
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking &...

VMSA-2010-0013 VMware ESX third party updates for Service Console

Wed, 01 Sep 2010 15:12:03 GMT

Posted by VMware Security Team on Sep 01

------------------------------------------------------------------------
VMware Security Advisory

Advisory ID: VMSA-2010-0013
Synopsis: VMware ESX third party updates for Service Console
Issue date: 2010-08-31
Updated on: 2010-08-31 (initial release of advisory)
CVE numbers: CVE-2005-4268 CVE-2010-0624 CVE-2010-2063
CVE-2010-1321 CVE-2010-1168 CVE-2010-1447...

VMSA-2010-0013

Wed, 01 Sep 2010 15:01:30 GMT

Posted by VMware Security Team on Sep 01