New Security Vulnerabilities 2nd November 2007
The following new security tests were added to Telspace' database:
TOTAL THREATS IN THE DATABASE 16921
NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 9
(**** ) Critical Risk 1382
(*** ) High Risk 35
(** ) Medium Risk 30
(* ) Low Risk 13
NEW THREATS FAMILY SUMMARY
HP-UX Local Checks 726
SuSE Local Checks 409
Solaris Local Checks 109
Gentoo Local Checks 34
Red Hat Local Checks 30
Windows 27
FreeBSD Local Checks 24
Centos Local Checks 19
Debian Local Checks 19
Mandrake Local Checks 17
Fedora Local Checks 15
Service Detection 9
Web Services 7
Microsoft Bulletins 6
Remote Shell Access 5
Miscellaneous 4
Cross-Site Scripting 4
Slackware Local Checks 3
Database Services 1
FTP Services 1
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 121913-15
(**** ) Critical Risk - Solaris Local Checks
Solaris 8 (sparc) : 125437-10
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHSS_36407
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHSS_28878
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHKL_27994
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-715: openssh
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0909: kdelibs
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHSS_29754
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_31106
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHSS_35555
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: qt3: Securityfix for integer overflow in Pixmap handling (qt3-2189)
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_33360
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: OpenOffice_org: Security fix for Macro execution problem. (OpenOffice_org-1698)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: xine-lib: Fixed various buffer overflow security problems (xine-lib-2308)
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_22314
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHNE_21581
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHNE_35920
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-707: httpd
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: clamav security update (clamav-1941)
(**** ) Critical Risk - Web Services
CA Host-Based Intrusion Prevention System Server Default Credentials
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHKL_28990
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHSS_35046
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: php5: Security update to fix various security issues (php5-3745)
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0909
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 126422-01
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:195: kernel
(**** ) Critical Risk - Windows
Kaspersky Web Scanner ActiveX Format String Vulnerability
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: gpg: This update fixes a segmentaion fault (gpg-1955)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: imlib2: Fixed various security problems in imlib2-loaders (imlib2-loaders-2244)
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 127784-01
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: tar: fix function safer_name_suffix() (tar-4170)
(**** ) Critical Risk - Solaris Local Checks
Solaris 9 (i386) : 114265-13
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: spamassassin: Securityfix for potential remote root exploit. (spamassassin-1904)
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHNE_15583
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: quagga security update (quagga-3233)
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: libextractor: security update (libextractor-4041)
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHNE_31929
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (i386) : 126259-03
(**** ) Critical Risk - SuSE Local Checks
SuSE Security Update: mutt: APOP vulnerable to password guessing (mutt-3702)
(**** ) Critical Risk - Solaris Local Checks
Solaris 10 (sparc) : 126868-01
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHKL_33258
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHCO_25429
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHSS_30104
(**** ) Critical Risk - HP-UX Local Checks
HP-UX Security patch : PHSS_35966
(*** ) High Risk - Windows
CA Host-Based Intrusion Prevention System Server Log Injection Vulnerability
(*** ) High Risk - Miscellaneous
Weak Supported SSL Ciphers Suites
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-22] TRAMP: Insecure temporary file creation
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-08] KOffice, KWord, KPDF, KDE Graphics Libraries:
Stack-based buffer overflow
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-31] Opera: Multiple vulnerabilities
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-17] teTeX: Multiple buffer overflows
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-27] ImageMagick: Multiple vulnerabilities
(*** ) High Risk - SuSE Local Checks
SUSE-SA:2007:047: bind, bind9
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-05] QGit: Insecure temporary file creation
(*** ) High Risk - Web Services
LiteSpeed Web Server Null Byte Source Code Disclosure Vulnerability
(*** ) High Risk - Cross-Site Scripting
IceWarp Merak Mail Server < 9.0.0 Cross-Site Scripting Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-29] Sylpheed, Claws Mail: User-assisted remote execution of arbitrary code
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-28] Qt: Buffer overflow
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-19] The Sleuth Kit: Integer underflow
(*** ) High Risk - Windows
Lotus Notes Client Memory Mapped Files Vulnerability
(*** ) High Risk - Cross-Site Scripting
GForge confirm_hash Parameter Cross-Site Scripting Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-12] T1Lib: Buffer overflow
(*** ) High Risk - Web Services
ADOdb Lite last_module Parameter Command Execution Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-10] SKK Tools: Insecure temporary file creation
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-17] Balsa: Buffer overflow
(*** ) High Risk - Web Services
Original exif_prog Parameter Command Execution Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-24] OpenOffice.org: Heap-based buffer overflow
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-20] PDFKit, ImageKits: Buffer overflow
(*** ) High Risk - Web Services
Cart32 Arbitrary File Retrieval Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-14] DenyHosts: Denial of Service
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-07] Tk: Buffer overflow
(*** ) High Risk - Cross-Site Scripting
Tomcat cal2.jsp Sample App Cross-Site Scripting Vulnerability
(*** ) High Risk - Cross-Site Scripting
Google Search Appliance ie Parameter Cross-Site Scripting Vulnerability
(*** ) High Risk - Windows
SMB guest account for all users
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-03] libvorbis: Multiple vulnerabilities
(*** ) High Risk - Miscellaneous
MagniComp SysInfo Agent Accessible
(*** ) High Risk - Gentoo Local Checks
[GLSA-200710-04] libsndfile: Buffer overflow
(*** ) High Risk - Web Services
Web Server Uses Plain Text Authentication Forms
(*** ) High Risk - Microsoft Bulletins
Vulnerability in Windows SharePoint Could Result in Elevation of Privilege (942017)
(*** ) High Risk - Gentoo Local Checks [GLSA-200710-09] NX 2.1: User-assisted execution of arbitrary code
(** ) Medium Risk - Slackware Local Checks
SSA-2007-275-01 pidgin
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : ldapscripts -- Command Line User Credentials Disclosure (1021)
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200710-13] Ampache: Multiple vulnerabilities
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : mediawiki -- cross site scripting vulnerability (1008)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : samba -- nss_info plugin privilege escalation vulnerability (1006)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : wordpress -- remote sql injection vulnerability (1007)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : nagios-plugins -- Long Location Header Buffer Overflow Vulnerability (1017)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : tcl/tk -- buffer overflow in ReadImage function (1012)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : mozilla -- code execution via Quicktime media-link files (1001)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : bugzilla -- multiple vulnerabilities (1004)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : bugzilla -- 'createmailregexp' security bypass vulnerability
(1010)
(** ) Medium Risk - Windows
F-Secure Anti-Virus for Windows Servers Bypass Vulnerability
(** ) Medium Risk - Slackware Local Checks
SSA-2007-297-01 firefox, seamonkey
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : drupal --- multiple vulnerabilities (1022)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : konquerer -- address bar spoofing (999)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : ImageMagick -- multiple vulnerabilities (1016)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : id3lib -- insecure temporary file creation (1009)
(** ) Medium Risk - Slackware Local Checks
SSA-2007-283-01 glibc-zoneinfo
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : coppermine -- multiple vulnerabilities (1003)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : jdk/jre -- Applet Caching May Allow Network Access Restrictions to be Circumvented (1014)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : xfs -- multiple vulnerabilites (1013)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : firefox -- OnUnload Javascript browser entrapment vulnerability (1020)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : kdm -- passwordless login vulnerability (1002)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : png -- multiple vulnerabilities (1015)
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200710-23] Star: Directory traversal vulnerability
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : phpmyadmin -- cross-site scripting vulnerability (1018)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : flyspray -- authentication bypass (1000)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : phpmyadmin -- cross-site scripting vulnerability (1019)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : clamav -- multiple remote Denial of Service vulnerabilities (1005)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : firebird -- multiple remote buffer overflow vulnerabilities (1011)
(* ) Low Risk - Service Detection
OEJP Daemon Detection
(* ) Low Risk - Service Detection
Datagram Transport Layer Security Detection
(* ) Low Risk - Service Detection
BrightStor HSM Engine Detection (UDP)
(* ) Low Risk - Service Detection
IBM Tivoli Storage Manager Client Acceptor Daemon Detection
(* ) Low Risk - Service Detection
BrightStor HSM Engine Detection (TCP)
(* ) Low Risk - Windows
Microsoft Office Detection
(* ) Low Risk - Service Detection
HP Linux Imaging and Printing System HPSSD Daemon Detection
(* ) Low Risk - Windows
SMB registry can not be accessed by the scanner
(* ) Low Risk - Service Detection
X Font Service Detection
(* ) Low Risk - Windows
VMware Server Detection (Windows)
(* ) Low Risk - Windows
VMware Workstation Detection
(* ) Low Risk - Windows
SMB NULL session |
