Internet Security Summary 0640
This Week
Multiple browsers are vulnerable to the "Dialog Origin" vulnerability, which can be exploited by malicious people to spoof JavaScript Dialog boxes. Secunia has constructed a test, which can be used to check if your
For more information about this issue, please refer to the advisories below.
VIRUS ALERTS:
This Week's Top Ten Most Read Advisories:
1. [SA15489] Mozilla / Firefox / Camino Dialog Origin Spoofing Vulnerability
2. [SA15491] Microsoft Internet Explorer Dialog Origin Spoofing Vulnerability
3. [SA15411] Opera "javascript:" URL Cross-Site Scripting Vulnerability
4. [SA15606] Internet Explorer Two Vulnerabilities
5. [SA15671] Java Web Start / Sun JRE Sandbox Security Bypass Vulnerability
6. [SA15474] Safari Dialog Origin Spoofing Vulnerability
7. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
8. [SA15488] Opera Dialog Origin Spoofing Vulnerability
9. [SA15492] Internet Explorer for Mac Dialog Origin Spoofing Vulnerability
10. [SA15008] Opera XMLHttpRequest Security Bypass
4) Vulnerabilities Summary Listing
Windows:
[SA15762] Fortibus CMS "username" and "ID" SQL Injection Vulnerabilities
[SA15747] Ublog Reload SQL Injection and Cross-Site Scripting
[SA15734] Cool Cafe SQL Injection and Disclosure of Sensitive Information
[SA15769] i-Gallery "folder" Cross-Site Scripting and Directory Traversal
UNIX/Linux:
[SA15777] SUSE update for java2
[SA15755] Gentoo update for sun-jdk/sun-jre-bin/blackdown-jdk/blackdown-jre
[SA15753] Gentoo update for peercast
[SA15750] Slackware update for sun-jdk/sun-jre
[SA15772] Fedora update for ruby
[SA15766] Gentoo update for squirrelmail
[SA15749] Sun ONE Messaging Server Unspecified Webmail Vulnerability
[SA15741] SUSE Updates for gpg2/telnet/unace/horde
[SA15740] Yaws Source Code Disclosure Vulnerability
[SA15730] Red Hat update for mc
[SA15773] Ubuntu update for tcpdump
[SA15770] cPanel cpsrvd.pl Cross-Site Scripting Vulnerability
[SA15768] Gentoo update for spamassassin/razor
[SA15754] NanoBlogger Plugins Shell Command Injection Vulnerability
[SA15751] Gentoo update for cpio
[SA15729] Red Hat update for bzip2
[SA15728] Fedora update for spamassassin
[SA15774] Ubuntu update for sudo
[SA15771] Fedora update for sudo
[SA15763] Novell NetMail File Ownership Security Issue
[SA15759] Slackware update for sudo
[SA15748] OpenBSD update for sudo
[SA15744] Sudo Arbitrary Command Execution Vulnerability
[SA15760] Avaya Products Telnet Client Information Disclosure Weakness
[SA15731] Red Hat update for gaim
Other:
[SA15757] Enterasys Vertical Horizon Switches Two Security Issues
[SA15765] Cisco VPN Concentrator Group Name Enumeration Weakness
Cross Platform:
[SA15767] Ruby XMLRPC Server Arbitrary Command Execution
[SA15758] MercuryBoard "User-Agent" SQL Injection Vulnerability
[SA15752] Trac Arbitrary File Upload/Download Vulnerability
[SA15735] XAMPP "lang.php" Script Insertion and Information Disclosure
[SA15732] Ultimate PHP Board Cross-Site Scripting and User Credentials Exposure
[SA15775] Gentoo update for tor
[SA15764] Tor Disclosure of Sensitive Information
[SA15739] Razor-agents Denial of Service Vulnerabilities
[SA15738] Contelligent Preview Privilege Escalation Vulnerability
[SA15737] ajax-spell Cross-Site Scripting Vulnerability
[SA15736] amaroK Web Frontend Exposure of User Credentials
[SA15742] RealVNC Information Disclosure Weakness
[SA15733] e107 Administrator Account Enumeration Weakness
[SA15746] JBoss "org.jboss.web.WebServer" Information Disclosure
5) Vulnerabilities Content Listing
Windows:
[SA15762] Fortibus CMS "username" and "ID" SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data