TelSpace - Hosting & IT Solution Provider

New Security Vulnerabilities 5th September 2007

The following new security tests were added to Telspace' database:

TOTAL THREATS IN THE DATABASE 15304

NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 4
(**** ) Critical Risk 110
(*** ) High Risk 28
(** ) Medium Risk 30
(* ) Low Risk 6

NEW THREATS FAMILY SUMMARY
Windows 22
FreeBSD Local Checks 21
Gentoo Local Checks 19
Debian Local Checks 19
Mandrake Local Checks 18
Red Hat Local Checks 15
Fedora Local Checks 14
Centos Local Checks 11
Microsoft Bulletins 9
Slackware Local Checks 8
Web Services 6
Service Detection 6
Database Services 4
Remote Shell Access 2
Miscellaneous 1
Mail Services 1
MacOS X Local Checks 1
Cross-Site Scripting 1

(*****) Urgent Risk - Windows
NetVault Report Manager Scheduler Buffer Overflow Vulnerability

(*****) Urgent Risk - Windows
Winamp < 5.34 Multiple Vulnerabilities

(*****) Urgent Risk - MacOS X Local Checks
Mac OS X Security Update 2007-007

(*****) Urgent Risk - Remote Shell Access
Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities

(**** ) Critical Risk - Windows
Altiris Aclient Log File Viewer Privilege Escalation Vulnerability

(**** ) Critical Risk - Debian Local Checks
[DSA1349] DSA-1349-1 libextractor

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0735: xpdf

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:148: tcpdump

(**** ) Critical Risk - Web Services
EZPhotoSales Information Disclosure Vulnerabilities

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:150: clamav

(**** ) Critical Risk - Debian Local Checks
[DSA1356] DSA-1356-1 linux-2.6

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-647: bind

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

(**** ) Critical Risk - Debian Local Checks
[DSA1348] DSA-1348-1 poppler

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0724

(**** ) Critical Risk - Debian Local Checks
[DSA1353] DSA-1353-1 tcpdump

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0721: qt

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0732: poppler

(**** ) Critical Risk - Microsoft Bulletins
Cumulative Security Update for Internet Explorer (937143)

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0740: bind

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0720

(**** ) Critical Risk - Windows
Panda Antivirus EXE File Parsing Overflow Vulnerability

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0724: firefox

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0671

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:163: koffice

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:161: poppler

(**** ) Critical Risk - Debian Local Checks
[DSA1344] DSA-1344-1 iceweasel

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-653: gdm

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-662: vixie-cron

(**** ) Critical Risk - Debian Local Checks
[DSA1343] DSA-1343-1 file

(**** ) Critical Risk - Windows
Panda AdminSecure Communications Agent < 4.2 Heap Overflow Vulnerability

(**** ) Critical Risk - Windows
Mozilla Thunderbird < 2.0.0.5

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-661: openssl

(**** ) Critical Risk - Mail Services
Mercury SMTP Server AUTH CRAM-MD5 Buffer Overflow Vulnerability

(**** ) Critical Risk - Windows
SeaMonkey < 1.1.3

(**** ) Critical Risk - Web Services
SimpleFAQ Component aid SQL Injection Vulnerability

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-644: cups

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0729: kdegraphics

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0731: tetex

(**** ) Critical Risk - Windows
Nessus ScanCtrl ActiveX File Deletion Vulnerability

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-654: tcpdump

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0730: gpdf

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-655: kernel

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:086: mozilla-firefox

(**** ) Critical Risk - Debian Local Checks
[DSA1339] DSA-1339-1 iceape

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:160: pdftohtml

(**** ) Critical Risk - Debian Local Checks
[DSA1351] DSA-1351-1 bochs

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:152: mozilla-firefox

(**** ) Critical Risk - Web Services
Help Center Live Admin Authentication Bypass Vulnerabilities

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-641: thunderbird

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0720: cups

(**** ) Critical Risk - Windows
Sun Java Runtime Environment Font Parsing Privilege Escalation Vulnerability (103024)

(**** ) Critical Risk - Windows
Firefox < 2.0.0.6

(**** ) Critical Risk - Windows
Opera < 9.22 Multiple Vulnerabilities

(**** ) Critical Risk - Debian Local Checks
[DSA1347] DSA-1347-1 xpdf

(**** ) Critical Risk - Debian Local Checks
[DSA1350] DSA-1350-1 tetex-bin

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:084: update-alternatives

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0765

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0672: kernel

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-664: dovecot

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Windows Media Player Could Allow Remote Code Execution
(936782)

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0777: gdm

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-642: firefox

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:158: xpdf

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-669: tetex

(**** ) Critical Risk - Debian Local Checks
[DSA1352] DSA-1352-1 pdfkit.framework

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0777

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:164: tetex

(**** ) Critical Risk - Debian Local Checks
[DSA1341] DSA-1341-2 bind9

(**** ) Critical Risk - Web Services
PHP-Blogger pref.db Information Disclosure Vulnerability

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0740

(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200707-14] tcpdump: Integer overflow

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:162: kdegraphics

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:153: gd

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-627: gimp

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:085: timezone

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0765: libgtop

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0723

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:151: qt3

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

(**** ) Critical Risk - Windows
Mozilla Thunderbird < 1.5.0.13 / 2.0.0.6

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0569

(**** ) Critical Risk - Database Services
Sybase ASA default database password

(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:083: imap

(**** ) Critical Risk - Remote Shell Access
Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0671: kernel

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

(**** ) Critical Risk - Debian Local Checks
[DSA1357] DSA-1357-1 koffice

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0723: thunderbird

(**** ) Critical Risk - Windows
Yahoo! Widgets YDP ActiveX Buffer Overflow Vulnerability

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:149: bind

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0735

(**** ) Critical Risk - Web Services
Joomla GMaps Component mapId SQL Injection Vulnerability

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0731

(**** ) Critical Risk - Debian Local Checks
[DSA1345] DSA-1345-1 xulrunner

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:147: ImageMagick

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-657: libgtop2

(**** ) Critical Risk - Debian Local Checks
[DSA1358] DSA-1358-1 asterisk

(**** ) Critical Risk - Debian Local Checks
[DSA1346] DSA-1346-1 iceape

(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200708-08] SquirrelMail G/PGP plugin: Arbitrary code execution

(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-659: xorg-x11-xinit

(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:165: cups

(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0722

(**** ) Critical Risk - Web Services
LinPHA order parameter SQL Injection Vulnerability

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in GDI Could Allow Remote Code Execution (938829)

(**** ) Critical Risk - Debian Local Checks
[DSA1354] DSA-1354-1 gpdf

(**** ) Critical Risk - Windows
Opera < 9.23 Arbitrary Code Execution Vulnerability

(**** ) Critical Risk - Windows
Trillian aim:// URI Handler Vulnerabilities

(**** ) Critical Risk - Debian Local Checks
[DSA1342] DSA-1342-1 xfs

(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

(**** ) Critical Risk - Debian Local Checks
[DSA1355] DSA-1355-1 kdegraphics

(**** ) Critical Risk - Windows
SeaMonkey < 1.1.4

(**** ) Critical Risk - Microsoft Bulletins
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
(940965)

(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0722: seamonkey

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-03] libarchive (formerly named as bsdtar): Multiple PaX Extension Header Vulnerabilities

(*** ) High Risk - Database Services
Sybase ASA Ping

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-05] GD: Multiple vulnerabilities

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-04] ClamAV: Denial of Service

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-12] VLC media player: Format string vulnerabilities

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-10] MySQL: Denial of Service and information leakage

(*** ) High Risk - Miscellaneous
SurgeMail IMAP Server SEARCH Command Command Buffer Overflow Vulnerability

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-14] NVIDIA drivers: Denial of Service

(*** ) High Risk - Windows
WinGate Invalid SMTP State Denial of Service Vulnerability

(*** ) High Risk - Database Services
DB2 < 9 FixPak 3 / 8 FixPak 15

(*** ) High Risk - Windows
ATI Catalyst Dynamic Driver Privilege Escalation Vulnerability

(*** ) High Risk - Database Services
MySQL 5.0 < 5.0.45 Multiple Vulnerabilities

(*** ) High Risk - Windows
Novell GroupWise Client Man-in-the-Middle Credentials Disclosure Vulnerability

(*** ) High Risk - Microsoft Bulletins
Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution
(938123)

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-07] Xfce Terminal: Remote arbitrary code execution

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-02] Xvid: Array indexing vulnerabilities

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-11] Lighttpd: Multiple vulnerabilities

(*** ) High Risk - Gentoo Local Checks
[GLSA-200707-13] Fail2ban: Denial of Service

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-09] Mozilla products: Multiple vulnerabilities

(*** ) High Risk - Windows
Cisco VPN Client Dial-up Networking Interface Privilege Escalation Vulnerability

(*** ) High Risk - Cross-Site Scripting
Joomla order Parameter Cross-Site Scripting Vulnerability

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-12] Wireshark: Multiple vulnerabilities

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-01] Macromedia Flash Player: Remote arbitrary code execution

(*** ) High Risk - Windows
NOD32 Run-Time Decompressors Multiple Vulnerabilities

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-06] Net::DNS: Multiple vulnerabilities

(*** ) High Risk - Windows
Ipswitch IM Server < 2.07 Denial of Service Vulnerability

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-13] BIND: Weak random number generation

(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-16] Qt: Multiple format string vulnerabilities

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : p5-Net-DNS -- multiple Vulnerabilities (982)

(** ) Medium Risk - Slackware Local Checks
SSA-2007-222-04 seamonkey

(** ) Medium Risk - Slackware Local Checks
SSA-2007-230-01 tcpdump

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : tcpdump -- remote integer underflow vulnerability (983)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : vim -- Command Format String Vulnerability (977)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : tomcat -- XSS vulnerability in sample applications (975)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : xpdf -- stack based buffer overflow (984)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : FreeBSD -- Buffer overflow in tcpdump(1) (985)

(** ) Medium Risk - Slackware Local Checks
SSA-2007-222-02 poppler

(** ) Medium Risk - Slackware Local Checks
SSA-2007-222-03 qt

(** ) Medium Risk - Slackware Local Checks
SSA-2007-215-01 thunderbird

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : lighttpd -- multiple vulnerabilities (972)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : FreeBSD -- Predictable query ids in named(8) (986)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : phpsysinfo -- url Cross-Site Scripting (979)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : fsplib -- multiple vulnerabilities (988)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : dokuwiki -- XSS vulnerability in spellchecker backend (973)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : drupal -- Multiple cross-site scripting vulnerabilities (978)

(** ) Medium Risk - Slackware Local Checks
SSA-2007-213-01 firefox

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : tomcat -- multiple vulnerabilities (974)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : libvorbis -- Multiple memory corruption flaws (976)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : mutt -- buffer overflow vulnerability (981)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : wordpress -- unmoderated comments disclosure (990)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : opera -- multiple vulnerabilities (970)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : drupal -- Cross site request forgeries (980)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : joomla -- multiple vulnerabilities (987)

(** ) Medium Risk - Slackware Local Checks
SSA-2007-222-01 gimp

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : mozilla -- multiple vulnerabilities (971)

(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : opera -- Vulnerability in javascript handling (989)

(** ) Medium Risk - Gentoo Local Checks
[GLSA-200708-15] Apache mod_jk: Directory traversal

(** ) Medium Risk - Slackware Local Checks
SSA-2007-222-05 xpdf

(* ) Low Risk - Service Detection
Panda AdminSecure Communications Agent Detection

(* ) Low Risk - Service Detection
UltraVNC w/ DSM plugin detection (2)

(* ) Low Risk - Service Detection
Ipswitch Instant Messaging Client Detection

(* ) Low Risk - Service Detection
NetVault Process Manager Service Detection

(* ) Low Risk - Service Detection
Altiris Deployment Server Detection

(* ) Low Risk - Service Detection
Ipswitch Instant Messaging Server Detection

Terms and Conditions | Acceptable Use Policy