
Test ID: 1.3.6.1.4.1.25623.1.0.64151
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-774-1 (moin)
Summary: Ubuntu USN-774-1 (moin)
Description: The remote host is missing an update to moin
announced via advisory USN-774-1.

Details follow:

It was discovered that MoinMoin did not properly sanitize its input when
attaching files, resulting in cross-site scripting (XSS) vulnerabilities.
With cross-site scripting vulnerabilities, if a user were tricked into
viewing server output during a crafted server request, a remote attacker
could exploit this to modify the contents, or steal confidential data,
within the same domain.

Solution:
The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
python-moinmoin 1.7.1-1ubuntu1.2

Ubuntu 9.04:
python-moinmoin 1.8.2-2ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-774-1
Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2009-1482
Debian Security Information: DSA-1791 (Google Search)
http://www.debian.org/security/2009/dsa-1791
http://www.ubuntu.com/usn/USN-774-1
BugTraq ID: 34631
http://www.securityfocus.com/bid/34631
http://secunia.com/advisories/34821
http://secunia.com/advisories/35024
http://secunia.com/advisories/34945
http://www.vupen.com/english/advisories/2009/1119
XForce ISS Database: moinmoin-errormsg-xss(50356)
http://xforce.iss.net/xforce/xfdb/50356
Common Vulnerability Exposure (CVE) ID: CVE-2008-0068
Bugtraq: 20080414 Secunia Research: HP OpenView Network Node Manager OpenView5.exeDirectory Traversal (Google Search)
http://www.securityfocus.com/archive/1/archive/1/490834/100/0/threaded
Bugtraq: 20080411 Directory traversal and multiple Denials of Service in HP OpenView NNM 7.53 (Google Search)
http://www.securityfocus.com/archive/1/490771
http://aluigi.altervista.org/adv/closedviewx-adv.txt
http://secunia.com/secunia_research/2008-4/advisory/
HPdes Security Advisory: HPSBMA02349
http://marc.info/?l=bugtraq&m=121553649611253&w=2
HPdes Security Advisory: SSRT080043
BugTraq ID: 28745
http://www.securityfocus.com/bid/28745
http://www.vupen.com/english/advisories/2008/1214/references
http://www.osvdb.org/44359
http://www.securitytracker.com/id?1019838
http://www.securitytracker.com/id?1019839
http://secunia.com/advisories/29796
http://securityreason.com/securityalert/3814
XForce ISS Database: hpopenview-openview5-directory-traversal(41790)
http://xforce.iss.net/xforce/xfdb/41790
Common Vulnerability Exposure (CVE) ID: CVE-2008-1697
http://www.milw0rm.com/exploits/5342
http://www.offensive-security.com/0day/hp-nnm-ov.py.txt
HPdes Security Advisory: HPSBMA02348
http://marc.info/?l=bugtraq&m=121553626110871&w=2
HPdes Security Advisory: SSRT080033
BugTraq ID: 28569
http://www.securityfocus.com/bid/28569
http://www.vupen.com/english/advisories/2008/1085/references
http://www.securitytracker.com/id?1019782
http://secunia.com/advisories/29641
XForce ISS Database: hpopenview-ovas-bo(41600)
http://xforce.iss.net/xforce/xfdb/41600
Common Vulnerability Exposure (CVE) ID: CVE-2008-0928
http://marc.info/?l=debian-security&m=120343592917055&w=2
Debian Security Information: DSA-1799 (Google Search)
http://www.debian.org/security/2009/dsa-1799
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016
http://www.redhat.com/support/errata/RHSA-2008-0194.html
SuSE Security Announcement: SUSE-SR:2009:008 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
BugTraq ID: 28001
http://www.securityfocus.com/bid/28001
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9706
http://secunia.com/advisories/29172
http://secunia.com/advisories/29081
http://secunia.com/advisories/29963
http://secunia.com/advisories/29129
http://secunia.com/advisories/29136
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
Common Vulnerability Exposure (CVE) ID: CVE-2008-4539
http://www.mail-archive.com/cvs-all@freebsd.org/msg129730.html
http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source
http://www.mail-archive.com/secure-testing-commits@lists.alioth.debian.org/msg09322.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html
http://www.ubuntu.com/usn/usn-776-1
http://secunia.com/advisories/25073
http://secunia.com/advisories/33350
http://secunia.com/advisories/35062
XForce ISS Database: qemu-kvm-cirrusvga-bo(47736)
http://xforce.iss.net/xforce/xfdb/47736
Common Vulnerability Exposure (CVE) ID: CVE-2008-1945
RedHat Security Advisories: RHSA-2008:0892
https://rhn.redhat.com/errata/RHSA-2008-0892.html
BugTraq ID: 30604
http://www.securityfocus.com/bid/30604
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9905
http://www.securitytracker.com/id?1020959
http://secunia.com/advisories/32063
http://secunia.com/advisories/32088
XForce ISS Database: qemu-image-security-bypass(44269)
http://xforce.iss.net/xforce/xfdb/44269
Common Vulnerability Exposure (CVE) ID: CVE-2009-1464
Bugtraq: 20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/archive/1/503434/100/0/threaded
http://www.syhunt.com/advisories/?id=aas-multiple
http://www.syhunt.com/advisories/aashack.txt
BugTraq ID: 34911
http://www.securityfocus.com/bid/34911
http://securitytracker.com/id?1022204
http://secunia.com/advisories/35034
Common Vulnerability Exposure (CVE) ID: CVE-2009-1465
XForce ISS Database: aas-default-password(50589)
http://xforce.iss.net/xforce/xfdb/50589
Common Vulnerability Exposure (CVE) ID: CVE-2009-1466
XForce ISS Database: aas-aas-info-disclosure(50590)
http://xforce.iss.net/xforce/xfdb/50590
Common Vulnerability Exposure (CVE) ID: CVE-2009-0042
Bugtraq: 20090127 CA20090126-01: CA Anti-Virus Engine Detection Evasion Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/archive/1/500417/100/0/threaded
BugTraq ID: 33464
http://www.securityfocus.com/bid/33464
http://www.vupen.com/english/advisories/2009/0270
http://www.securitytracker.com/id?1021639
XForce ISS Database: ca-antivirus-engine-security-bypass(48261)
http://xforce.iss.net/xforce/xfdb/48261
Common Vulnerability Exposure (CVE) ID: CVE-2009-1131
Bugtraq: 20090512 Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows (Google Search)
http://www.securityfocus.com/archive/1/503451
http://secunia.com/secunia_research/2008-46/
Microsoft Security Bulletin: MS09-017
http://www.microsoft.com/technet/security/Bulletin/MS09-017.mspx
Cert/CC Advisory: TA09-132A
http://www.us-cert.gov/cas/techalerts/TA09-132A.html
BugTraq ID: 34841
http://www.securityfocus.com/bid/34841
http://osvdb.org/54393
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5351
http://www.securitytracker.com/id?1022205
http://secunia.com/advisories/32428
http://www.vupen.com/english/advisories/2009/1290
Common Vulnerability Exposure (CVE) ID: CVE-2009-0556
Bugtraq: 20090512 ZDI-09-019: Microsoft Office PowerPoint OutlineTextRefAtom Parsing Memory Corruption Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/archive/1/503453/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-09-019
CERT/CC vulnerability note: VU#627331
http://www.kb.cert.org/vuls/id/627331
BugTraq ID: 34351
http://www.securityfocus.com/bid/34351
http://osvdb.org/53182
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6204
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6279
http://www.securitytracker.com/id?1021967
http://secunia.com/advisories/34572
http://www.vupen.com/english/advisories/2009/0915
XForce ISS Database: powerpoint-unspecified-code-execution(49632)
http://xforce.iss.net/xforce/xfdb/49632
Common Vulnerability Exposure (CVE) ID: CVE-2009-1130
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=794
Bugtraq: 20090512 ZDI-09-020: Microsoft Office PowerPoint Notes Container Heap Overflow Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/503454
http://www.zerodayinitiative.com/advisories/ZDI-09-020/
BugTraq ID: 34840
http://www.securityfocus.com/bid/34840
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5961
Common Vulnerability Exposure (CVE) ID: CVE-2009-0227
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=787
BugTraq ID: 34882
http://www.securityfocus.com/bid/34882
http://osvdb.org/54384
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6239
Common Vulnerability Exposure (CVE) ID: CVE-2009-0223
BugTraq ID: 34834
http://www.securityfocus.com/bid/34834
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6269
Common Vulnerability Exposure (CVE) ID: CVE-2009-0220
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=790
BugTraq ID: 34833
http://www.securityfocus.com/bid/34833
http://osvdb.org/54386
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5610
Common Vulnerability Exposure (CVE) ID: CVE-2009-1128
BugTraq ID: 34837
http://www.securityfocus.com/bid/34837
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5416
Common Vulnerability Exposure (CVE) ID: CVE-2009-1572
http://www.openwall.com/lists/oss-security/2009/05/01/1
http://www.openwall.com/lists/oss-security/2009/05/01/2
http://marc.info/?l=quagga-dev&m=123364779626078&w=2
http://thread.gmane.org/gmane.network.quagga.devel/6513
Debian Security Information: DSA-1788 (Google Search)
http://www.debian.org/security/2009/dsa-1788
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:109
SuSE Security Announcement: SUSE-SR:2009:012 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html
http://www.ubuntu.com/usn/usn-775-1
BugTraq ID: 34817
http://www.securityfocus.com/bid/34817
http://www.osvdb.org/54200
http://www.securitytracker.com/id?1022164
http://secunia.com/advisories/34999
http://secunia.com/advisories/35061
http://secunia.com/advisories/35203
http://secunia.com/advisories/35685
XForce ISS Database: quagga-systemnumber-dos(50317)
http://xforce.iss.net/xforce/xfdb/50317
Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com
