Another week, another Adobe advisory. This time it's not Reader but ColdFusion 9, which shipped with a service that was never restricted to localhost; an attacker could use it to view system information and tamper with search indexes.
Two advisories from Cisco as well this week, covering two different products and several vulnerability classes (XSS, SQL injection and privilege escalation among them). Updates are also available for iPhone OS on iPhone and iPod Touch devices, resolving vulnerabilities in several parts of the OS; in many cases, visiting or viewing malicious content could trigger overflows that may allow code execution. An update for VMware's vCenter, covering more than 50 CVEs, is also listed.
Some open source applications are also listed. One of the more interesting ones is the e107 CMS, which was found to contain a backdoor that was later used to compromise the project's own site before they applied their own patch (more details on that here).
- Adobe: Information Disclosure in ColdFusion 9
- Cisco Systems: Multiple Vulnerabilities in Cisco Unified MeetingPlace
- Cisco Systems: Cisco Secure Desktop Remote Cross-Site Scripting Vulnerability
- Apple: Multiple Vulnerabilities in iPhone OS
- VMware: VMware vCenter update release addresses multiple security issues in Java JRE
- Lighttpd: slow request DoS/OOM attack
- Squid: DoS issue in DNS handling
- Bugzilla: Security Advisory for Bugzilla 3.0.10, 3.2.5, 3.4.4, and 3.5.2
- e107 CMS: Admin Authentication Backdoor