New Security Vulnerabilities 2nd August 2007

The following new security tests were added to Telspace's database:

TOTAL THREATS IN THE DATABASE 15156


NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 18
(**** ) Critical Risk 125
(*** ) High Risk 16
(** ) Medium Risk 16
(* ) Low Risk 3


NEW THREATS FAMILY SUMMARY
Mandrake Local Checks 21
Solaris Local Checks 19
Red Hat Local Checks 18
Debian Local Checks 17
Windows 17
Fedora Local Checks 16
Centos Local Checks 13
Web Services 12
Gentoo Local Checks 11
FreeBSD Local Checks 8
Microsoft Bulletins 6
Slackware Local Checks 6
Remote Shell Access 5
Service Detection 3
Miscellaneous 2
Denial of Service 2
MacOS X Local Checks 2

(*****) Urgent Risk - Remote Shell Access
Asterisk SIP Channel T.38 SDP Parsing Buffer Overflow Vulnerabilities

(*****) Urgent Risk - Web Services
paFileDB categories parameter SQL Injection Vulnerability

(*****) Urgent Risk - Remote Shell Access
Symantec Veritas Backup Exec for Windows Server RPC Heap Buffer Overflow
Vulnerability

(*****) Urgent Risk - Web Services
ServerView Arbitrary Command Execution Vulnerability

(*****) Urgent Risk - Miscellaneous
Xerox XRX07-001

(*****) Urgent Risk - Web Services
Trend Micro OfficeScan Server CGI Modules Multiple Vulnerabilities

(*****) Urgent Risk - Remote Shell Access
Sun Java System Directory Server Multiple Vulnerabilities

(*****) Urgent Risk - Remote Shell Access
Ipswitch IMail Server < 2006.21 Multiple Vulnerabilities

(*****) Urgent Risk - Windows
Kaspersky Anti-Virus for Check Point FireWall-1 Denial of Service
Vulnerability

(*****) Urgent Risk - Windows
RealPlayer for Windows < 6.0.12.1578

(*****) Urgent Risk - Windows
Vulnerability in Windows Active Directory Could Allow Remote Code
Execution (926122) - Network Check

(*****) Urgent Risk - Microsoft Bulletins
Vulnerabilities in .NET Framework Could Allow Remote Code Execution
(931212)

(*****) Urgent Risk - Web Services
SAP DB / MaxDB Web Server DBM_INTERN_TEST Event Buffer Overflow
Vulnerability

(*****) Urgent Risk - Microsoft Bulletins
Vulnerability in Windows Active Directory Could Allow Remote Code
Execution (926122)

(*****) Urgent Risk - Remote Shell Access
IBM Tivoli Storage Manager Multiple Buffer Overflow Vulnerabilities

(*****) Urgent Risk - Web Services
Joomla Expose Component Arbitrary File Upload Vulnerability

(*****) Urgent Risk - Microsoft Bulletins
Vulnerability in Microsoft Internet Information Services Could Allow
Remote Code Execution (939373)

(*****) Urgent Risk - Windows
Vulnerabilities in .NET Framework Could Allow Remote Code Execution
(931212) (Network Check)

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0534

(**** ) Critical Risk - Denial of Service
IBM Tivoli Provisioning Manager for OS Deployment TFTPD Blocksize Denial
of Service Vulnerability

(**** ) Critical Risk - Windows
AVG Scanning Engine Local Privilege Escalation Vulnerability

(**** ) Critical Risk - Windows
HP Instant Support SDD ActiveX Buffer Overflow Vulnerability

(**** ) Critical Risk - Debian Local Checks
[DSA1326] DSA-1326-1 fireflier-server

(**** ) Critical Risk - Debian Local Checks
[DSA1336] DSA-1336-1 mozilla-firefox

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0510: evolution

(**** ) Critical Risk - Debian Local Checks
[DSA1333] DSA-1333-1 libcurl3-gnutls

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 123779-02

(**** ) Critical Risk - Web Services
CVS directory spider

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Windows Vista Firewall Could Allow Information
Disclosure (935807)

(**** ) Critical Risk - Windows
Sun Java Runtime Environment XML Signature Command Injection
Vulnerability (102993)

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-614: libexif

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0509

(**** ) Critical Risk - Windows
Firefox < 2.0.0.5

(**** ) Critical Risk - Debian Local Checks
[DSA1337] DSA-1337-1 xulrunner

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:137: krb5

(**** ) Critical Risk - Debian Local Checks
[DSA1325] DSA-1325-1 evolution

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:132: madwifi-source

(**** ) Critical Risk - Windows
Citrix Presentation Server Client PNAgent Long Filename Denial of
Service Vulnerability

(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (i386) : 126929-01

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0556: httpd

(**** ) Critical Risk - Debian Local Checks
[DSA1323] DSA-1323-1 krb5

(**** ) Critical Risk - Windows
QuickTime < 7.2 (Windows)

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:135: webmin

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:145: wireshark

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-600: kernel

(**** ) Critical Risk - Debian Local Checks
[DSA1332] DSA-1332-1 vlc

(**** ) Critical Risk - Debian Local Checks
[DSA1338] DSA-1338-1 iceweasel

(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 114669-04

(**** ) Critical Risk - Debian Local Checks
[DSA1331] DSA-1331-1 php4

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-606: openoffice.org

(**** ) Critical Risk - Debian Local Checks
[DSA1335] DSA-1335-1 gimp

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-617: httpd

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-612: perl-Net-DNS

(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200707-11] MIT Kerberos 5: Arbitrary remote code execution

(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (sparc) : 114716-05

(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 114717-05

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0674: perl

(**** ) Critical Risk - Debian Local Checks
[DSA1329] DSA-1329-1 gfax

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0559: cman

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-615: httpd

(**** ) Critical Risk - Windows
Sun Java Web Start JNLP Overflow Vulnerability (102996)

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0562: krb

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0532: apache

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0510

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-599: kernel

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:138: kdebase

(**** ) Critical Risk - Windows
Sun Java Web Start Arbitrary File Overwrite Vulnerability (102957)

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:136: evolution

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:140: apache

(**** ) Critical Risk - Debian Local Checks
[DSA1328] DSA-1328-1 unicon-imc2

(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (sparc) : 114356-12

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-618: gimp

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0519

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:066: perl-DBD-mysql

(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200707-10] Festival: Privilege elevation

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Microsoft Publisher Could Allow Remote Code Execution
(936548)

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 125279-03

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:139: MySQL

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-620: krb5

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:143: mplayer

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-621: krb5

(**** ) Critical Risk - Windows
Symantec Mail Security for SMTP Executable Parsing Denial of Service
Vulnerability

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0662: httpd

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0569: tomcat

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0534: httpd

(**** ) Critical Risk - Web Services
McAfee Common Management Agent 3.6.0.546 Multiple Vulnerabilities

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0675: perl

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:079: postfix

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0509: evolution

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0488

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 126837-01

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:080: hdf5

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0533: httpd

(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (i386) : 126374-02

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:074: dhcp

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:133: emacs

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0488: kernel

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0605

(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (i386) : 114670-04

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 123324-03

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0674

(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 114357-11

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 123809-02

(**** ) Critical Risk - Microsoft Bulletins
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(936542)

(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 126373-02

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0520: xorg

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0675

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:077: console-tools

(**** ) Critical Risk - Debian Local Checks
[DSA1330] DSA-1330-1 php5

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0662

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 125794-02

(**** ) Critical Risk - Debian Local Checks
[DSA1324] DSA-1324-1 hiki

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0519: xorg

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:065: mgetty

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0605: HelixPlayer

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:146: perl-Net-DNS

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0533

(**** ) Critical Risk - Debian Local Checks
[DSA1327] DSA-1327-1 gsambad

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0384: krb

(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200707-01] Firebird: Buffer overflow

(**** ) Critical Risk - Windows
WinPcap NPF.SYS Local Privilege Escalation Vulnerability

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0562

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-605: libexif

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0595: kernel

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 125280-03

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:144: openoffice.org

(**** ) Critical Risk - MacOS X Local Checks
QuickTime < 7.2 (Mac OS X)

(**** ) Critical Risk - Windows
Flash Player APSB07-12

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 5 2007-595: evolution-data-server

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-609: perl-Net-DNS

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0556

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-628: wireshark

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-594: evolution-data-server

(**** ) Critical Risk - Debian Local Checks
[DSA1334] DSA-1334-1 freetype

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:069: x11-driver-video-vesa

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 123325-03

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-619: gimp

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0384

(**** ) Critical Risk - Debian Local Checks
[DSA1340] DSA-1340-1 clamav

(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 121132-03

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:134: xfsdump

(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 126928-01

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:081: x11-server

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-07] MPlayer: Multiple buffer overflows

(*** ) High Risk - Windows
Vulnerability in SAVCE could allow Local Privilege Escalation (SYM07-017)

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-04] GNU C Library: Integer overflow

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-09] GIMP: Multiple integer overflows

(*** ) High Risk - Web Services
Calendarix month and year parameter SQL Injection Vulnerabilities

(*** ) High Risk - Windows
Nessus Windows GUI Cross-Site Scripting Vulnerability

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-03] Evolution: User-assisted remote execution of arbitrary
code

(*** ) High Risk - Web Services
Kaspersky Anti-Spam Control Center Information Disclosure Vulnerability

(*** ) High Risk - Web Services
Maia Mailguard lang Parameter Local File Include Vulnerability

(*** ) High Risk - Web Services
MailMarshal Spam Quarantine Password Retrieval Vulnerability

(*** ) High Risk - Denial of Service
MDaemon DomainPOP Denial of Service Vulnerability

(*** ) High Risk - MacOS X Local Checks
Mac OS X Security Update 2007-006

(*** ) High Risk - Web Services
AsteriDex IN Parameter Command Injection Vulnerability

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-02] OpenOffice.org: Two buffer overflows

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-08] NVClock: Insecure file usage

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-06] XnView: Stack-based buffer overflow

(** ) Medium Risk - Slackware Local Checks
SSA-2007-205-01 thunderbird

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : linux-flashplugin -- critical vulnerabilities (969)

(** ) Medium Risk - Slackware Local Checks
SSA-2007-200-01 firefox

(** ) Medium Risk - Slackware Local Checks
SSA-2007-178-01 gd

(** ) Medium Risk - Gentoo Local Checks
[GLSA-200707-05] Webmin, Usermin: Cross-site scripting vulnerabilities

(** ) Medium Risk - Miscellaneous
LDAP server information

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : evolution-data-server -- remote execution of arbitrary code
vulnerability (963)

(** ) Medium Risk - Slackware Local Checks
SSA-2007-164-01 libexif

(** ) Medium Risk - Slackware Local Checks
SSA-2007-165-01 thunderbird

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : flac123 -- stack overflow in comment parsing (964)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : wireshark -- Multiple problems (968)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : wordpress -- XMLRPC SQL Injection (962)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : typespeed -- arbitrary code execution (967)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : vlc -- format string vulnerability and integer overflow (966)

(** ) Medium Risk - Slackware Local Checks
SSA-2007-205-02 seamonkey

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : gd -- multiple vulnerabilities (965)

(* ) Low Risk - Service Detection
Ingres Data Access Server Detection

(* ) Low Risk - Service Detection
IBM Tivoli Storage Manager Service

(* ) Low Risk - Service Detection
Ingres Communications Server Detection

Copyright © 2010 Telspace. All Rights Reserved