New Security Vulnerabilities 20th September 2007
The following new security tests were added to Telspace's database:
NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 0
(**** ) Critical Risk 20
(*** ) High Risk 10
(** ) Medium Risk 3
(* ) Low Risk 3
NEW THREATS FAMILY SUMMARY
Debian Local Checks 7
Windows 6
Mandrake Local Checks 5
Web Services 5
Gentoo Local Checks 4
Slackware Local Checks 3
Centos Local Checks 2
MacOS X Local Checks 2
Remote Shell Access 1
Cross-Site Scripting 1
(**** ) Critical Risk - Debian Local Checks
[DSA1368] DSA-1368-1 librpcsecgss
(**** ) Critical Risk - Debian Local Checks
[DSA1373] DSA-1373-1 ktorrent
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0774
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:176: konqueror
(**** ) Critical Risk - Debian Local Checks
[DSA1371] DSA-1371-1 phpwiki
(**** ) Critical Risk - Web Services
QuickEStore CFTOKEN parameter SQL Injection Vulnerability
(**** ) Critical Risk - Windows
ER Mapper NCSView ActiveX Buffer Overflow Vulnerabilities
(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200709-01] MIT Kerberos 5: Multiple vulnerabilities
(**** ) Critical Risk - Windows
Office Viewer Component < 5.0 Multiple Vulnerabilities
(**** ) Critical Risk - Windows
Office Viewer Component Insecure HttpDownloadFile Method Vulnerability
(**** ) Critical Risk - Debian Local Checks
[DSA1370] DSA-1370-1 phpmyadmin
(**** ) Critical Risk - Debian Local Checks
[DSA1369] DSA-1369-1 gforge
(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:089: proftpd
(**** ) Critical Risk - Web Services
MapServer Multiple Remote Vulnerabilities
(**** ) Critical Risk - Debian Local Checks
[DSA1374] DSA-1374-1 jffnms
(**** ) Critical Risk - Debian Local Checks
[DSA1372] DSA-1372-1 xorg-server
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0795
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:177: MySQL
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:174: krb5
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:175: eggdrop
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-03] Streamripper: Buffer overflow
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-02] KVIrc: Remote arbitrary code execution
(*** ) High Risk - Cross-Site Scripting
Tomcat SendMailServlet Sample App Cross-Site Scripting Vulnerability
(*** ) High Risk - Remote Shell Access
iTunes < 7.4 Malformed Music File Heap Overflow (Network Check)
(*** ) High Risk - Web Services
Claroline language Parameter Local File Include Vulnerability
(*** ) High Risk - Web Services
SecurityReporter < 4.6.3p1 Multiple Vulnerabilities
(*** ) High Risk - Gentoo Local Checks
[GLSA-200708-17] Opera: Multiple vulnerabilities
(*** ) High Risk - Windows
Sophos Anti-Virus CAB, RAR and LZH Evasion Vulnerability
(*** ) High Risk - MacOS X Local Checks
iTunes < 7.4 Malformed Music File Heap Overflow (Mac OS X)
(*** ) High Risk - Windows
iTunes < 7.4 Malformed Music File Heap Overflow (Windows)
(** ) Medium Risk - Slackware Local Checks
SSA-2007-255-02 samba
(** ) Medium Risk - Slackware Local Checks
SSA-2007-255-03 php
(** ) Medium Risk - Slackware Local Checks
SSA-2007-255-01 openssh
(* ) Low Risk - Web Services
AWStats is Openly Accessible
(* ) Low Risk - MacOS X Local Checks
iTunes Version Detection (Mac OS X)
(* ) Low Risk - Windows
iTunes Version Detection (Windows)