New Security Vulnerabilities 27th September 2007
The following new security tests were added to Telspace's database:
TOTAL THREATS IN THE DATABASE 15448
NEW THREATS RISK FACTOR SUMMARY
(*****) Urgent Risk 3
(**** ) Critical Risk 29
(*** ) High Risk 15
(** ) Medium Risk 6
(* ) Low Risk 2
NEW THREATS FAMILY SUMMARY
Windows 12
Gentoo Local Checks 11
Web Services 7
Mandrake Local Checks 6
Microsoft Bulletins 4
Red Hat Local Checks 3
Debian Local Checks 3
FreeBSD Local Checks 3
Service Detection 2
Remote Shell Access 1
Centos Local Checks 1
Slackware Local Checks 1
Fedora Local Checks 1
(*****) Urgent Risk - Windows
Hexamail POP3 Buffer Overflow Vulnerability (registry check)
(*****) Urgent Risk - Windows
MailMarshal Tar File Directory Traversal Vulnerability
(*****) Urgent Risk - Remote Shell Access
Hexamail POP3 Buffer Overflow Vulnerability
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0883: qt
(**** ) Critical Risk - Debian Local Checks
[DSA1376] DSA-1376-1 kdebase
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:180: id3lib
(**** ) Critical Risk - Mandrake Local Checks
MDKA-2007:090: bind
(**** ) Critical Risk - Centos Local Checks
CentOS : RHSA-2007-0883
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:178: x11-server
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:179: fetchmail
(**** ) Critical Risk - Web Services
MapServer Multiple Remote Vulnerabilities
(**** ) Critical Risk - Gentoo Local Checks
[GLSA-200709-14] ClamAV: Multiple vulnerabilities
(**** ) Critical Risk - Windows
OpenOffice < 2.3 TIFF Parser Buffer Overflow Vulnerabilities
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:181: librpcsecgss
(**** ) Critical Risk - Windows
Photo Upload Plugin Buffer Overflow Vulnerabilities
(**** ) Critical Risk - Windows
ER Mapper NCSView ActiveX Buffer Overflow Vulnerabilities
(**** ) Critical Risk - Windows
WinSCP URL Protocol Handler Vulnerability
(**** ) Critical Risk - Debian Local Checks
[DSA1377] DSA-1377-2 fetchmail
(**** ) Critical Risk - Windows
PhotoParade Player PhPInfo ActiveX Buffer Overflow Vulnerability
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0892: krb
(**** ) Critical Risk - Windows
Intuit QuickBooks Online Edition < 10 ActiveX Multiple Vulnerabilities
(**** ) Critical Risk - Windows
Office Viewer Component < 5.0 Multiple Vulnerabilities
(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
(**** ) Critical Risk - Red Hat Local Checks
RHSA-2007-0705: kernel
(**** ) Critical Risk - Windows
Office Viewer Component Insecure HttpDownloadFile Method Vulnerability
(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)
(**** ) Critical Risk - Debian Local Checks
[DSA1375] DSA-1375-1 openoffice.org
(**** ) Critical Risk - Windows
3DGreetings Player ActiveX Buffer Overflow Vulnerabilities
(**** ) Critical Risk - Microsoft Bulletins
Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
(**** ) Critical Risk - Mandrake Local Checks
MDKSA-2007:183: qt
(**** ) Critical Risk - Fedora Local Checks
Fedora Core 6 2007-694: krb5
(**** ) Critical Risk - Windows
R-Viewer < 1.6.3768 Multiple Vulnerabilities
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-06] flac123: Buffer overflow
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-12] Poppler: Two buffer overflow vulnerabilities
(*** ) High Risk - Web Services
Adobe Connect Enterprise Server Information Disclosure Vulnerability
(*** ) High Risk - Web Services
Joomla!Radio mosConfig_live_site Parameter Remote File Include Vulnerability
(*** ) High Risk - Web Services
Lighttpd mod_fastcgi Header Overflow Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-09] GNU Tar: Directory traversal vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-07] Eggdrop: Buffer overflow
(*** ) High Risk - Microsoft Bulletins
Vulnerability in Windows Services for UNIX Could Allow Elevation of Privilege (939778)
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-05] RealPlayer: Buffer overflow
(*** ) High Risk - Web Services
Lighttpd Status Module Information Disclosure Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-04] po4a: Insecure temporary file creation
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-08] id3lib: Insecure temporary file creation
(*** ) High Risk - Web Services
Apache < 2.2.6 Multiple Vulnerabilities
(*** ) High Risk - Web Services
Claroline language Parameter Local File Include Vulnerability
(*** ) High Risk - Gentoo Local Checks
[GLSA-200709-13] rsync: Two buffer overflows
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : lighttpd -- FastCGI header overrun in mod_fastcgi (996)
(** ) Medium Risk - Slackware Local Checks
SSA-2007-264-01 kdebase, kdelibs
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : php -- multiple vulnerabilities (997)
(** ) Medium Risk - FreeBSD Local Checks
FreeBSD : apache -- multiple vulnerabilities (998)
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200709-11] GDM: Local Denial of Service
(** ) Medium Risk - Gentoo Local Checks
[GLSA-200709-10] PhpWiki: Authentication bypass
(* ) Low Risk - Service Detection
Tor Server Detection
(* ) Low Risk - Service Detection
PostgreSQL Server Detection