Information Security News mailing list archives
Secunia Weekly Summary - Issue: 2007-32
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 10 Aug 2007 01:31:52 -0500 (CDT)
========================================================================
The Secunia Weekly Advisory Summary
2007-08-02 - 2007-08-09
This week: 53 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
========================================================================
2) This Week in Brief:
Cisco released several security advisories this week for various
products.
Cisco IOS and IOS XR are reportedly affected by a vulnerability that
can be exploited to disclose sensitive information or cause a Denial of
Service. The problem is due to an error when processing Ipv6 packets
with a Type 0 routing header. Sending a specially crafted packet may
lead to disclosure of a number of bytes of packet buffer memory, or to
crash the device.
This vulnerability affects Cisco IOS 12.x and Cisco IOS XR 3.x
products. Vendor patches have been released for some, but not all,
affected devices. for more information, refer to:
http://secunia.com/advisories/26359/
--
Several other vulnerabilities in Cisco IOS were disclosed.
The first, which could cause a denial of service and may allow a
malicious person to compromise a vulnerable system, is an error in
the implementation of the Next Hop Resolution Protocol, and can be
exploited to cause a buffer overflow.
The second, which can be exploited to bypass set security
restrictions, is due to an error in the Secure Copy (SCP)
implementation. It can be exploited to copy files (for example,
configuration files containing passwords) from and to an IOS device
without privilege levels being checked. The vulnerability reportedly
only affects certain 12.2-based IOS releases.
And the rest, which can be exploited to cause a denial of service or
potentially compromise a vulnerable system, are errors in processing
SIP, MGCP, H.323, and RTP packets. Another vulnerability is due to
an error in the way that the Facsimile reception processes overly
large packets.
The vulnerabilities affect Cisco IOS 12.x products. Vendor patches
have been released for some, but not all, affected devices. for more
information, refer to:
http://secunia.com/advisories/26360/
http://secunia.com/advisories/26361/
http://secunia.com/advisories/26363/
--
Cisco Unified Communications Manager also has a vulnerability that
can be exploited to cause a denial of service or to compromise a
vulnerable system. The problem is that there is an error in the way
that the product processes SIP packets, which can crash the device
or execute arbitrary code by sending a specially crafted SIP packet.
Cisco has patched all affected products. For more information,
refer to:
http://secunia.com/advisories/26362/
--
Some vulnerabilities in Cisco Unified MeetingPlace have also been
disclosed, which can be used to conduct cross-site scripting
attacks.
The vulnerabilities are due to the "STPL" and "FTPL"
parameters not being properly sanitised before being returned to the
user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in context of an affected site.
Cisco has patched all affected products. For more information,
refer to:
http://secunia.com/advisories/26376/
--
Secunia Research has discovered multiple vulnerabilities in Ipswitch
Imail Server and Ipswitch Collaboration Suite.
Multiple boundary errors exist in the IMAP service when processing
certain "SEARCH" command search keys ("BEFORE", "ON",
"SINCE", "SENTBEFORE", "SENTON", "SENTSINCE"). This can be
exploited to cause stack-based buffer overflows via overly long,
quoted or unquoted arguments passed to the command.
The vulnerabilities remain unpatched. For more information:
http://secunia.com/advisories/26193/
--
VIRUS ALERTS:
During the past week Secunia collected 275 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA26317] JustSystems Ichitaro Document Processing Unspecified Code
Execution
2. [SA26313] GNOME Display Manager Denial of Service
3. [SA26320] Dovecot ACL Plugin "i" Right APPEND and COPY Weakness
4. [SA26301] Tor Unspecified ControlPort "torrc" Rewrite
Vulnerability
5. [SA26297] Ubuntu update for koffice
6. [SA26303] Slackware update for firefox
7. [SA26193] Ipswitch IMail Server "SEARCH" Command Multiple Buffer
Overflows
8. [SA26326] Sun Java System Web Server "redirect" Vulnerability
9. [SA26304] Interact Cross-Site Scripting Vulnerabilities
10. [SA26308] SUSE update for bind
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA26380] Dersimiz Haber Ekleme Modulu yorumkaydet.asp Script
Insertion
[SA26375] Ziyareti Defteri "isim" and "mesaj" Script Insertion
Vulnerabilities
[SA26371] Berthanas Ziyaretci Defteri "sifre" and "id" SQL Injection
[SA26362] Cisco Unified Communications Manager SIP Packet Processing
Vulnerability
[SA26338] Next Gen Portfolio Manager SQL Injection Vulnerabilities
[SA26334] Gallery in a Box Administrator Login SQL Injection
[SA26323] Hunkaray Okul Portali "id" SQL Injection
[SA26376] Cisco Unified MeetingPlace "STPL" and "FTPL" Cross-Site
Scripting
[SA26348] Atheros Wireless Driver Management Frame Handling Denial of
Service
[SA26336] Panda Antivirus Insecure Default Directory Permissions
UNIX/Linux:
[SA26369] Red Hat update for java-1.5.0-ibm
[SA26357] Gentoo update for netscape-flash
[SA26353] Gentoo update for xvid
[SA26378] gFTP Multiple Vulnerabilities
[SA26365] Debian update for pdfkit.framework
[SA26358] Red Hat update for kdegraphics
[SA26355] Gentoo update for libarchive
[SA26343] Debian update for tetex-bin
[SA26342] Debian update for libextractor
[SA26335] Debian update for iceweasel
[SA26331] Debian update for xulrunner
[SA26330] HP-UX update for Bind
[SA26328] Slackware update for thunderbird
[SA26327] Sun Java System Portal Server XSLT Processing Vulnerability
[SA26325] Ubuntu update for poppler
[SA26364] Debian update for bochs
[SA26351] Konqueror "setInterval()" Address Bar Spoofing Vulnerability
[SA26340] Asterisk Skinny Channel Driver Denial of Service
[SA26379] Red Hat update for kernel
[SA26367] Red Hat update for libgtop2
[SA26344] Avaya CMS / IR Solaris lbxproxy Privilege Escalation
Vulnerability
[SA26322] Linux Kernel AACRAID Driver IOCTL Security Bypass
[SA26366] Linux Kernel CIFS Signing Options Weakness
[SA26368] Red Hat update for gdm
[SA26349] IBM AIX "rmpvc" Buffer Overflow Vulnerability
Other:
[SA26363] Cisco IOS Voice Service Multiple Protocol Handling
Vulnerabilities
[SA26359] Cisco IOS IPv6 Routing Header Information Disclosure and
Denial of Service
[SA26360] Cisco IOS Next Hop Resolution Protocol Buffer Overflow
[SA26361] Cisco IOS Secure Copy Security Bypass Vulnerability
Cross Platform:
[SA26356] PhpHostBot "svr_rootscript" File Inclusion
[SA26350] FrontAccounting "path_to_root" File Inclusion
[SA26329] HP System Management Homepage Apache and OpenSSL
Vulnerabilities
[SA26352] Help Center Live Administration Multiple Security Bypass
[SA26347] Serendipity Extended Properties For Entries Security Bypass
[SA26339] LANAI CMS module.php SQL Injection
[SA26332] auraCMS Modul Forum Sederhana "id" SQL Injection
[SA26346] VisionProject Multiple Cross-Site Scripting Vulnerabilities
[SA26345] WordPress Blue Memories Theme "s" Cross-Site Scripting
[SA26333] KnowledgeTree Open Source Cross-Site Scripting
[SA26326] Sun Java System Web Server "redirect" Vulnerability
[SA26324] CONTENTdm "CISOBOX1" Cross-Site Scripting
[SA26321] WordPress Unnamed Theme "s" Cross-Site Scripting
[SA26337] TIBCO Rendezvous Multiple Denial of Service Vulnerabilities
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA26380] Dersimiz Haber Ekleme Modulu yorumkaydet.asp Script
Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-09
GeFORC3 has reported some vulnerabilities in Dersimiz Haber Ekleme
Modulu, which can be exploited by malicious people to conduct script
insertion attacks.
Full Advisory:
http://secunia.com/advisories/26380/
--
[SA26375] Ziyareti Defteri "isim" and "mesaj" Script Insertion
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-08
GeFORC3 has discovered some vulnerabilities in Ziyareti Defteri, which
can be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/26375/
--
[SA26371] Berthanas Ziyaretci Defteri "sifre" and "id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-08-09
Yollubunlar has discovered some vulnerabilities in Berthanas Ziyaretci
Defteri, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/26371/
--
[SA26362] Cisco Unified Communications Manager SIP Packet Processing
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-09
A vulnerability has been reported in Cisco Unified Communications
Manager (CUCM), which can be exploited by malicious people to cause a
DoS (Denial of Service ) or potentially compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/26362/
--
[SA26338] Next Gen Portfolio Manager SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-08-06
Aria-Security Team has reported a vulnerability in Next Gen Portfolio
Manager, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/26338/
--
[SA26334] Gallery in a Box Administrator Login SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2007-08-06
Aria-Security Team have reported some vulnerabilities in Gallery in a
Box, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/26334/
--
[SA26323] Hunkaray Okul Portali "id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-08-03
Yollubunlar has reported a vulnerability in Hunkaray Okul Portali,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/26323/
--
[SA26376] Cisco Unified MeetingPlace "STPL" and "FTPL" Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-09
Roger Jefferiss and Rob Pope have reported some vulnerabilities in
Cisco Unified MeetingPlace, which can be exploited by malicious people
to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/26376/
--
[SA26348] Atheros Wireless Driver Management Frame Handling Denial of
Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-08-09
A vulnerability has been reported in Atheros wireless drivers, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/26348/
--
[SA26336] Panda Antivirus Insecure Default Directory Permissions
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2007-08-06
A security issue has been discovered in Panda Antivirus, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/26336/
UNIX/Linux:--
[SA26369] Red Hat update for java-1.5.0-ibm
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2007-08-08
Red Hat has issued an update for java-1.5.0-ibm. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
cause a DoS (Denial of Service), or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26369/
--
[SA26357] Gentoo update for netscape-flash
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2007-08-09
Gentoo has issued an update for netscape-flash. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of sensitive information or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/26357/
--
[SA26353] Gentoo update for xvid
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2007-08-09
Gentoo has issued an update for xvid. This fixes a vulnerability, which
can be exploited by malicious people to compromise an application using
the library.
Full Advisory:
http://secunia.com/advisories/26353/
--
[SA26378] gFTP Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-09
Some vulnerabilities have been reported in gFTP, which potentially can
be exploited by malicious people to compromise an application using the
library.
Full Advisory:
http://secunia.com/advisories/26378/
--
[SA26365] Debian update for pdfkit.framework
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-08
Debian has issued an update for pdfkit.framework. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26365/
--
[SA26358] Red Hat update for kdegraphics
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-07
Red Hat has issued an update for kdegraphics. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/26358/
--
[SA26355] Gentoo update for libarchive
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-08-09
Gentoo has issued an update for libarchive (formerly bsdtar). This
fixes some vulnerabilities, which can be exploited by malicious people
to cause a DoS (Denial of Service) or potentially compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/26355/
--
[SA26343] Debian update for tetex-bin
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-07
Debian has issued an update for tetex-bin. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/26343/
--
[SA26342] Debian update for libextractor
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-06
Debian has issued an update for libextractor. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/26342/
--
[SA26335] Debian update for iceweasel
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2007-08-06
Debian has issued an update for iceweasel. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26335/
--
[SA26331] Debian update for xulrunner
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2007-08-06
Debian has issued an update for xulrunner. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/26331/
--
[SA26330] HP-UX update for Bind
Critical: Moderately critical
Where: From remote
Impact: Spoofing
Released: 2007-08-06
HP has issued an update for HP-UX. This fixes a vulnerability, which
can be exploited by malicious people to poison the DNS cache.
Full Advisory:
http://secunia.com/advisories/26330/
--
[SA26328] Slackware update for thunderbird
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2007-08-06
Slackware has issued an update for thunderbird. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/26328/
--
[SA26327] Sun Java System Portal Server XSLT Processing Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-06
A vulnerability has been reported in Sun Java System Portal Server,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/26327/
--
[SA26325] Ubuntu update for poppler
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-08-08
Ubuntu has issued an update for poppler. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/26325/
--
[SA26364] Debian update for bochs
Critical: Moderately critical
Where: Local system
Impact: System access, DoS
Released: 2007-08-08
Debian has issued an update for bochs. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/26364/
--
[SA26351] Konqueror "setInterval()" Address Bar Spoofing Vulnerability
Critical: Less critical
Where: From remote
Impact: Spoofing
Released: 2007-08-07
Robert Swiecki has discovered a vulnerability in Konqueror, which can
be exploited by malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/26351/
--
[SA26340] Asterisk Skinny Channel Driver Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-08-08
A vulnerability has been reported in Asterisk, which can be exploited
by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/26340/
--
[SA26379] Red Hat update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation,
DoS
Released: 2007-08-09
Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
potentially gain escalated privileges, disclose potential sensitive
information, or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/26379/
--
[SA26367] Red Hat update for libgtop2
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2007-08-08
Red Hat has issued an update for libgtop2. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/26367/
--
[SA26344] Avaya CMS / IR Solaris lbxproxy Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Exposure of system information, Exposure of sensitive
information, Privilege escalation
Released: 2007-08-07
Avaya has acknowledged a vulnerability in Avaya CMS / IR, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
Full Advisory:
http://secunia.com/advisories/26344/
--
[SA26322] Linux Kernel AACRAID Driver IOCTL Security Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2007-08-06
A security issue has been reported in the Linux Kernel, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/26322/
--
[SA26366] Linux Kernel CIFS Signing Options Weakness
Critical: Not critical
Where: From local network
Impact: Security Bypass
Released: 2007-08-09
A weakness has been reported in the Linux Kernel, which potentially can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/26366/
--
[SA26368] Red Hat update for gdm
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2007-08-08
Red Hat has issued an update for gdm. This fixes a vulnerability, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/26368/
--
[SA26349] IBM AIX "rmpvc" Buffer Overflow Vulnerability
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2007-08-07
A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/26349/
Other:--
[SA26363] Cisco IOS Voice Service Multiple Protocol Handling
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-08-09
Multiple vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26363/
--
[SA26359] Cisco IOS IPv6 Routing Header Information Disclosure and
Denial of Service
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2007-08-09
A vulnerability has been reported in Cisco IOS and IOS XR, which can be
exploited by malicious people to potentially disclose sensitive
information or to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/26359/
--
[SA26360] Cisco IOS Next Hop Resolution Protocol Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2007-08-09
A vulnerability has been reported in Cisco IOS, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26360/
--
[SA26361] Cisco IOS Secure Copy Security Bypass Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2007-08-09
A vulnerability has been reported in Cisco IOS, which can be exploited
by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/26361/
Cross Platform:--
[SA26356] PhpHostBot "svr_rootscript" File Inclusion
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2007-08-09
M. Hasran Addahroni has reported a vulnerability in PhpHostBot, which
can be exploited by malicious people to disclose sensitive information
or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26356/
--
[SA26350] FrontAccounting "path_to_root" File Inclusion
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2007-08-08
K3ZZAP66345 has discovered a vulnerability in FrontAccounting, which
can be exploited by malicious people to disclose sensitive information
or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26350/
--
[SA26329] HP System Management Homepage Apache and OpenSSL
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2007-08-06
HP has acknowledged some vulnerabilities in HP System Management
Homepage, which can be exploited by malicious people to bypass certain
security restrictions, cause a DoS (Denial of Service), or to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/26329/
--
[SA26352] Help Center Live Administration Multiple Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data, Exposure of
sensitive information
Released: 2007-08-07
Stephan Munz has discovered some vulnerabilities in Help Center Live,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/26352/
--
[SA26347] Serendipity Extended Properties For Entries Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2007-08-08
Erich Schubert has reported a vulnerability in Serendipity, which can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/26347/
--
[SA26339] LANAI CMS module.php SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2007-08-06
k1tk4t has discovered some vulnerabilities in LANAI CMS, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/26339/
--
[SA26332] auraCMS Modul Forum Sederhana "id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2007-08-06
k1tk4t has discovered a vulnerability in the auraCMS Forum Module,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/26332/
--
[SA26346] VisionProject Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-07
r0t has reported some vulnerabilities in VisionProject, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/26346/
--
[SA26345] WordPress Blue Memories Theme "s" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-06
phoenix has discovered a vulnerability in the Blue Memories theme for
WordPress, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/26345/
--
[SA26333] KnowledgeTree Open Source Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-08
A vulnerability has been reported in KnowledgeTree Open Source, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/26333/
--
[SA26326] Sun Java System Web Server "redirect" Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of sensitive information
Released: 2007-08-03
A vulnerability has been reported in Sun Java System Web Server, which
can be exploited by malicious people to conduct HTTP header injection
attacks, HTTP response splitting attacks, and disclose potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/26326/
--
[SA26324] CONTENTdm "CISOBOX1" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-06
Rhys Phillips has reported a vulnerability in CONTENTdm, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/26324/
--
[SA26321] WordPress Unnamed Theme "s" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-08-06
phoenix has discovered a vulnerability in the Unnamed theme for
WordPress, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/26321/
--
[SA26337] TIBCO Rendezvous Multiple Denial of Service Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2007-08-08
Some vulnerabilities have been reported in TIBCO Rendezvous, which can
be exploited by malicious people to conduct DoS (Denial of Service)
attacks.
Full Advisory:
http://secunia.com/advisories/26337/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support () secunia com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
____________________________________
Visit the InfoSec News book store!
http://www.shopinfosecnews.org
Current thread:
- Secunia Weekly Summary - Issue: 2007-32 InfoSec News (Aug 09)