Secunia Security Summary m8



Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

==
1) Word From Secunia:

Secunia has launched a new service called Secunia Virus Information.
Secunia Virus Information is based on information automatically
collected from seven different anti-virus vendors. The data will be
parsed and indexed, resulting in a chronological list, a searchable
index, and grouped profiles with information from the seven vendors.

Furthermore, when certain criteria are triggered virus alerts will be
issued. You can sign-up for the alerts here:

Sign-up for Secunia Virus Alerts:

Secunia Virus Information:

==
2) This Week in Brief:

ADVISORIES:

Secunia issued Monday a "Highly Critical" advisory for Mac OS X, as
it was reported that it was possible to silently deliver and execute
arbitrary code on a vulnerable system.

However, during the day more details were revealed, and more advanced
exploits were published by various sources, demonstrating exactly how
easily this vulnerability could be exploited.

Therefore, and in the light of no patch being available from Apple,
Secunia raised the severity to a rare "Extremely Critical" for this
vulnerability.

Please refer to Secunia advisory below for full details.

Reference:

--
http-equiv found a vulnerability in Outlook Express, which can be
exploited to include arbitrary web content from remote sites in
emails. It could be exploited by e.g. spammers to "ping" an email
address to see if anyone is reading emails sent to it.

http-equiv also reported a vulnerability in Microsoft Outlook, which
could be exploited to bypass certain security restrictions.

Please refer to the Secunia advisories below for in-depth information
about the vulnerabilities.

Reference:

--
A vulnerability in CVS was reported by Stefan Esser, which can be
exploited to compromise a vulnerable system.

Many vendors have issued patches for this issue, and many more are
likely to follow in the next days. Please refer to
for information about vendor patches.

Reference:

VIRUS ALERTS:

Secunia has not issued any virus alerts during the last week.

==
3) This Week's Top Ten Most Read Advisories:

1.  [SA11622] Mac OS X URI Handler Arbitrary Code Execution
2.  [SA11066] Symantec Client Firewall Products Multiple
              Vulnerabilities
3.  [SA11539] Mac OS X Security Update Fixes Multiple Vulnerabilities
4.  [SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
5.  [SA11012] Apple Filing Protocol Insecure Implementation
6.  [SA11303] Mac OS X Security Update Fixes Multiple Vulnerabilities
7.  [SA10959] Mac OS X Security Update Fixes Multiple Vulnerabilities
8.  [SA10440] Mac OS X cd9660.util Privilege Escalation Vulnerability
9.  [SA10524] Mac OS X Local Denial of Service Vulnerability
10. [SA10723] Mac OS X Security Update Fixes Multiple Vulnerabilities

==
4) Vulnerabilities Summary Listing

Windows:
[SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
[SA11637] NetChat HTTP Service GET Request Buffer Overflow
Vulnerability
[SA11607] Microsoft Outlook Express Loading of Arbitrary Web Content
[SA11633] Microsoft Windows "desktop.ini" Arbitrary File Execution
Vulnerability

UNIX/Linux:
[SA11622] Mac OS X URI Handler Arbitrary Code Execution
[SA11662] Slackware update for cvs
[SA11661] Fedora update for cvs
[SA11659] Fedora update for subversion
[SA11658] Mandrake update for cvs
[SA11653] SuSE update for cvs
[SA11652] FreeBSD update for cvs
[SA11651] Debian update for cvs
[SA11647] Red Hat update for cvs
[SA11646] Gentoo update for pound
[SA11642] Subversion Date Parsing Buffer Overflow Vulnerability
[SA11641] CVS Entry Line Heap Overflow Vulnerability
[SA11620] Gentoo update for exim
[SA11604] Zoneminder Query String Buffer Overflow Vulnerability
[SA11671] Gentoo update for icecast
[SA11670] Fedora update for ipsec-tools
[SA11660] Fedora update for libneon
[SA11657] Mandrake update for libneon
[SA11655] Gentoo update for proftpd
[SA11654] Debian update for cadaver
[SA11650] Debian update for libneon
[SA11648] Red Hat update for cadaver
[SA11643] cadaver libneon Date Parsing Heap Overflow Vulnerability
[SA11638] Neon Date Parsing Heap Overflow Vulnerability
[SA11630] Mandrake update for apache
[SA11617] Trustix update for apache
[SA11613] HP-UX update for Mozilla
[SA11610] Fedora update for LHA
[SA11636] Debian update for heimdal
[SA11614] HP-UX dtlogin XDMCP Parsing Vulnerability
[SA11669] Red Hat update for rsync
[SA11667] Red Hat update for libpng
[SA11663] Fedora update for tcpdump
[SA11656] Gentoo update for kdelibs
[SA11645] Mandrake update for kdelibs
[SA11644] Fedora update for kdelibs
[SA11635] Slackware update for kdelibs
[SA11631] Red Hat update for kdelibs
[SA11623] TTT-C Multiple Vulnerabilities
[SA11619] Gentoo update for libpng
[SA11612] Fedora update for libpng
[SA11628] SGI IRIX rpc.mountd Denial of Service Vulnerability
[SA11668] Red Hat update for mc
[SA11621] Slackware update for mc
[SA11618] SuSE update for mc
[SA11615] HP-UX B6848AB GTK+ Support Libraries Insecure Directory
Permissions
[SA11609] Gentoo update for utempter
[SA11605] OpenBSD procfs Integer Overflow Vulnerability
[SA11616] Sun Solaris SMC Web Server File Enumeration Security Issue
[SA11611] Fedora update for iproute

Other:
[SA11632] Sidewinder G2 Firewall Multiple Denial of Service
Vulnerabilities
[SA11603] Sweex Wireless Broadband Router Exposure of Configuration
[SA11627] Blue Coat Security Gateway OS Private Key Disclosure
[SA11606] Linksys BEF Series Routers DHCP Vulnerability

Cross Platform:
[SA11649] Zen Cart SQL Injection Vulnerability
[SA11640] phpMyFAQ Arbitrary File Inclusion Vulnerability
[SA11639] Java Secure Socket Extension Unspecified Server Certificate
Validation Vulnerability
[SA11625] PHP-Nuke Multiple Vulnerabilities
[SA11608] Ethereal Multiple Vulnerabilities
[SA11602] Multiple Browsers Telnet URI Handler File Manipulation
Vulnerability
[SA11624] osCommerce Directory Traversal Vulnerability

==
5) Vulnerabilities Content Listing

Windows:--
[SA11629] Microsoft Outlook RTF Embedded OLE Object Security Bypass
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    -05-18
http-equiv has reported a vulnerability in Microsoft Outlook 2003,
allowing malicious people to perform illegal actions through emails.

 --
[SA11637] NetChat HTTP Service GET Request Buffer Overflow
Vulnerability
Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    -05-19
Marius Huse Jacobsen has reported a vulnerability in NetChat, which can
be exploited by malicious people to compromise a user's system.

 --
[SA11607] Microsoft Outlook Express Loading of Arbitrary Web Content
Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    -05-14
http-equiv has reported a vulnerability in Microsoft Outlook Express,
allowing malicious people (e.g. spammers and phishers) to load
arbitrary content into the email client.

 --
[SA11633] Microsoft Windows "desktop.ini" Arbitrary File Execution
Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-18
Roozbeh Afrasiabi has reported a vulnerability in Microsoft Windows,
which can be exploited by malicious, local users to gain escalated
privileges.

UNIX/Linux:--
[SA11622] Mac OS X URI Handler Arbitrary Code Execution
Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    -05-17
Two vulnerabilities have been reported in Mac OS X, allowing malicious
web sites to compromise a vulnerable system.

 --
[SA11662] Slackware update for cvs
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-20
Slackware has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.

 --
[SA11661] Fedora update for cvs
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
Fedora has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

 --
[SA11659] Fedora update for subversion
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
Fedora has issued updated packages for subversion. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11658] Mandrake update for cvs
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
MandrakeSoft has issued updated packages for cvs. These fix a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.

 --
[SA11653] SuSE update for cvs
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
SuSE has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

 --
[SA11652] FreeBSD update for cvs
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
FreeBSD has issued updates for cvs. These fix a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.

 --
[SA11651] Debian update for cvs
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
Debian has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

 --
[SA11647] Red Hat update for cvs
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
Red Hat has issued updated packages for cvs. These fix a vulnerability,
which can be exploited by malicious users to compromise a vulnerable
system.

 --
[SA11646] Gentoo update for pound
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
Gentoo has issued an update for pound. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

 --
[SA11642] Subversion Date Parsing Buffer Overflow Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
Stefan Esser has discovered a vulnerability in Subversion, which can be
exploited by malicious users to compromise a vulnerable system.

 --
[SA11641] CVS Entry Line Heap Overflow Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-19
Stefan Esser has reported a vulnerability in CVS, allowing malicious
users to compromise a vulnerable system.

 --
[SA11620] Gentoo update for exim
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-17
Gentoo has issued updated packages for exim. These fix two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11604] Zoneminder Query String Buffer Overflow Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    -05-13
Mark Cox has reported a vulnerability in ZoneMinder, potentially
allowing malicious people to compromise a vulnerable system.

 --
[SA11671] Gentoo update for icecast
Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    -05-20
Gentoo has issued an update for icecast. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

 --
[SA11670] Fedora update for ipsec-tools
Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    -05-20
Fedora has issued updates for ipsec-tools. These fix a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

 --
[SA11660] Fedora update for libneon
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-19
Fedora has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11657] Mandrake update for libneon
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-19
MandrakeSoft has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11655] Gentoo update for proftpd
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    -05-19
Gentoo has issued an update for proftpd. This fixes a security issue,
which potentially allows malicious people to bypass ACLs.

 --
[SA11654] Debian update for cadaver
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-19
Debian has issued updated packages for cadaver. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11650] Debian update for libneon
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-19
Debian has issued updated packages for libneon. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11648] Red Hat update for cadaver
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-19
Red Hat has issued updated packages for cadaver. These fix a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11643] cadaver libneon Date Parsing Heap Overflow Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-19
cadaver is affected by a vulnerability in the libneon date parsing
code, which potentially can be exploited by malicious people to
compromise a user's system.

 --
[SA11638] Neon Date Parsing Heap Overflow Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-19
Stefan Esser has discovered a vulnerability in neon, which potentially
can be exploited by malicious people to compromise a user's system.

 --
[SA11630] Mandrake update for apache
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Manipulation of data, DoS
Released:    -05-18
MandrakeSoft has issued updated packages for apache. These fix various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).

 --
[SA11617] Trustix update for apache
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Manipulation of data, DoS
Released:    -05-14
Trustix has issued updated packages for apache. These fix various
vulnerabilities, which can be exploited to inject potentially malicious
characters into error logfiles, bypass certain restrictions, gain
unauthorised access, or cause a DoS (Denial of Service).

 --
[SA11613] HP-UX update for Mozilla
Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS, Cross Site Scripting, Security Bypass
Released:    -05-14
HP has acknowledged various vulnerabilities in Mozilla for HP-UX, which
can be exploited by malicious people to conduct cross-site scripting
attacks, bypass certain cookie restrictions, and potentially compromise
a user's system.

 --
[SA11610] Fedora update for LHA
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    -05-14
Fedora has issued an update for lha. This fixes multiple
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

 --
[SA11636] Debian update for heimdal
Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    -05-18
Evgeny Demidov has discovered a vulnerability in Heimdal, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

 --
[SA11614] HP-UX dtlogin XDMCP Parsing Vulnerability
Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    -05-14
HP has acknowledged a vulnerability in HP-UX, which may be exploited by
malicious people to compromise a vulnerable system.

 --
[SA11669] Red Hat update for rsync
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    -05-20
Red Hat has issued updated packages for rsync. These fix a
vulnerability, potentially allowing malicious people to write files
outside the intended directory.

 --
[SA11667] Red Hat update for libpng
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -05-20
Red Hat has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11663] Fedora update for tcpdump
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -05-19
Fedora has issued updated packages for tcpdump. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

 --
[SA11656] Gentoo update for kdelibs
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    -05-19
Gentoo has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

 --
[SA11645] Mandrake update for kdelibs
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    -05-19
MandrakeSoft has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

 --
[SA11644] Fedora update for kdelibs
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    -05-19
Fedora has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

 --
[SA11635] Slackware update for kdelibs
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    -05-18
Slackware has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

 --
[SA11631] Red Hat update for kdelibs
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    -05-18
Red Hat has issued updated packages for kdelibs. These fix a
vulnerability, which can be exploited by malicious people to create or
truncate files on a user's system.

 --
[SA11623] TTT-C Multiple Vulnerabilities
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    -05-19
Kaloyan Olegov Georgiev has reported some vulnerabilities in TTT-C,
allowing malicious people to conduct Cross Site Scripting and script
insertion attacks.

 --
[SA11619] Gentoo update for libpng
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -05-17
Gentoo has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11612] Fedora update for libpng
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    -05-14
Fedora has issued updates for libpng. These fix a vulnerability,
potentially allowing malicious people to cause a Denial of Service
against certain applications.

 --
[SA11628] SGI IRIX rpc.mountd Denial of Service Vulnerability
Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    -05-18
SGI has reported a vulnerability in IRIX, allowing malicious people to
cause a DoS (Denial of Service) on the rpc.mountd daemon.

 --
[SA11668] Red Hat update for mc
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-20
Red Hat has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

 --
[SA11621] Slackware update for mc
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-17
Slackware has issued updates for mc. These fix some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

 --
[SA11618] SuSE update for mc
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-17
SuSE has issued updates for mc. These fix some vulnerabilities, which
can be exploited by malicious, local users to gain escalated
privileges.

 --
[SA11615] HP-UX B6848AB GTK+ Support Libraries Insecure Directory
Permissions
Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    -05-14
HP has reported a vulnerability in HP-UX, which can be exploited by
malicious, local users to manipulate the content of certain files.

 --
[SA11609] Gentoo update for utempter
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    -05-14
Gentoo has issued an update for utempter. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with higher privileges on a vulnerable system.

 --
[SA11605] OpenBSD procfs Integer Overflow Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    -05-13
OpenBSD has issued patches for procfs. These fix a vulnerability, which
potentially can be exploited by malicious, local users to cause a DoS
(Denial of Service) or gain knowledge of sensitive information.

 --
[SA11616] Sun Solaris SMC Web Server File Enumeration Security Issue
Critical:    Not critical
Where:       From local network
Impact:      Exposure of system information
Released:    -05-14
Jon Hart has reported a security issue in Sun Solaris, which can be
exploited by malicious people to enumerate files on an affected
system.

 --
[SA11611] Fedora update for iproute
Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    -05-14
Fedora has issued updated packages for iproute. These fix a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Other:--
[SA11632] Sidewinder G2 Firewall Multiple Denial of Service
Vulnerabilities
Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    -05-18
Multiple vulnerabilities have been reported in Sidewinder, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

 --
[SA11603] Sweex Wireless Broadband Router Exposure of Configuration
Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    -05-13
Mark Janssen has reported a vulnerability in Sweex Wireless Broadband
Router/Accesspoint, allowing malicious people to gain knowledge of the
configuration.

 --
[SA11627] Blue Coat Security Gateway OS Private Key Disclosure
Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    -05-18
A security issue has been reported in Blue Coat SGOS, which may
disclose private keys associated with imported certificates.

 --
[SA11606] Linksys BEF Series Routers DHCP Vulnerability
Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, DoS
Released:    -05-13
Jon Hart has reported a vulnerability in Linksys BEFSR41 and BEFW11S4,
which can be exploited by malicious people to gain knowledge of
sensitive information or cause a DoS (Denial of Service).

Cross Platform:--
[SA11649] Zen Cart SQL Injection Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    -05-19
Oliver Minack has reported a vulnerability in Zen Cart, allowing
malicious people to conduct SQL injection attacks.

 --
[SA11640] phpMyFAQ Arbitrary File Inclusion Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    -05-19
Stefan Esser has reported a vulnerability in phpMyFAQ, allowing
malicious people to view arbitrary local files and potentially execute
arbitrary local php code.

 --
[SA11639] Java Secure Socket Extension Unspecified Server Certificate
Validation Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    -05-19
A vulnerability has been discovered in JSSE (Java Secure Socket
Extension), allowing malicious websites to impersonate trusted
websites.

 --
[SA11625] PHP-Nuke Multiple Vulnerabilities
Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    -05-18
Janek Vind has reported three vulnerabilities in PHP-Nuke, allowing
malicious people to conduct Cross Site Scripting attacks and
potentially compromise a vulnerable system.

 --
[SA11608] Ethereal Multiple Vulnerabilities
Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    -05-14
Multiple vulnerabilities have been discovered in Ethereal, which can be
exploited by malicious people to compromise a vulnerable system or
cause a DoS (Denial-of-Service).

 --
[SA11602] Multiple Browsers Telnet URI Handler File Manipulation
Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    -05-13
A vulnerability has been reported in various browsers, which can be
exploited by malicious people to create or truncate files on a user's
system.

 --
[SA11624] osCommerce Directory Traversal Vulnerability
Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    -05-19
l0om has reported a security issue in osCommerce, allowing malicious
administrative users to view arbitrary local files.



