securityadmin's blog

phpMyAdmin SQL Injection Vulnerability

http://secunia.com/advisories/29200/ - By coaxing a phpMyAdmin user to view a malicious file on the same web server as phpMyAdmin, it is possible to overwrite a vulnerable cookie on that users system. This cookie could allow for arbitrary SQL injection via phpMyAdmin. This vulnerability poses low to no risk as the attack method requires access to the web server hosting phpMyAdmin. It is recommended that the available patch to version 2.11.5 should be applied during the next update schedule for phpMyAdmin.

Xpdf Multiple Remote Vulnerabilities (through coercion)

http://www.securityfocus.com/bid/26367/info - Xpdf is vulnerable to arbitrary code execution in the context of the xpdf process. This exploit requires convincing the victim to open a malicious pdf file. Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected. A patch is available which fixes this hole (ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch). It is recommended to update xpdf when the vendor releases a new version.

Multiple vulnerabilities patched in Thunderbird

http://secunia.com/advisories/29133/ - Multiple vulnerabilities were fixed in Thunderbird. These include heap overflows, information disclosure, directory traversal, privilege escalation and memory corruption crashes. These problems are fixed in version 2.0.0.12. It is worth mentioning that Thunderbird 1.5 is no longer supported. Mozilla has warned that these issues remain in Thunderbird 1.5.14 and are not scheduled to be fixed. It is recommended that all Thunderbird users upgrade to 2.0.0.12.

Xpdf Multiple Remote Vulnerabilities (through coercion)

http://www.securityfocus.com/bid/26367/info - Xpdf is vulnerable to arbitrary code execution in the context of the xpdf process. This exploit requires convincing the victim to open a malicious pdf file. Xpdf 3.02pl1 is vulnerable to these issues; other versions may also be affected. A patch is available which fixes this hole (ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch). It is recommended to update xpdf when the vendor releases a new version.

Multiple vulnerabilities patched in Thunderbird

http://secunia.com/advisories/29133/ - Multiple vulnerabilities were fixed in Thunderbird. These include heap overflows, information disclosure, directory traversal, privilege escalation and memory corruption crashes. These problems are fixed in version 2.0.0.12. It is worth mentioning that Thunderbird 1.5 is no longer supported. Mozilla has warned that these issues remain in Thunderbird 1.5.14 and are not scheduled to be fixed. It is recommended that all Thunderbird users upgrade to 2.0.0.12.

CUPS printing service vulnerability allows for DoS or potential remote access

http://secunia.com/advisories/28994/ - A vulnerability in the cups daemon may allow for a remote DoS or system compromise. This affects version 1.3.5 and possibly prior versions. CUPS v1.3.6 has been released and fixes this vulnerability. It is suggested to upgrade to v1.3.6.

Multiple Vulnerabilities in Horde v3.1.5

http://secunia.com/advisories/28382/ - http://secunia.com/advisories/28020/ - Multiple vulnerabilities in Horde v3.1.5 (and before) allow for security restriction bypass (by an authenticated user) and allow for iframe injection in HTML email which could be used to delete the users mail (from any external person). It is highly recommended to upgrade to v3.1.6.

Pages