Information Security News mailing list archives
Secunia Weekly Summary - Issue: 2008-26
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 27 Jun 2008 01:01:59 -0500 (CDT)
======================================================================== The Secunia Weekly Advisory Summary 2008-06-19 - 2008-06-26 This week: 71 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: Try the Secunia Network Software Inspector (NSI) 2.0 for free! The Secunia NSI 2.0 is available as a 7-day trial download and can be used to scan up to 3 hosts within your network. Download the Secunia NSI trial version from: https://psi.secunia.com/NSISetup.exe ======================================================================== 2) This Week in Brief: A vulnerability has been reported in Mozilla Firefox, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an unspecified error and can be exploited to execute arbitrary code e.g. when a user visits a specially crafted web page. The vulnerability is reported in versions 3.0 and 2.0.x. Other versions may also be affected. For more information, refer to: http://secunia.com/advisories/30761 -- A vulnerability has been reported in Adobe Reader/Acrobat, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the implementation of an unspecified JavaScript method and can be exploited to cause a crash or potentially execute arbitrary code via a specially crafted PDF file. NOTE: The vulnerability is reportedly being exploited in the wild. 
For more information, refer to: http://secunia.com/advisories/30832 -- Some vulnerabilities and a security issue have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system. For more information, refer to: http://secunia.com/advisories/30775 -- VIRUS ALERTS: During the past week Secunia collected 176 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA30761] Mozilla Firefox Unspecified Code Execution Vulnerability 2. [SA30832] Adobe Reader/Acrobat JavaScript Method Handlin Vulnerability 3. [SA30775] Apple Safari for Windows Multiple Vulnerabilities 4. [SA29953] Realtek HD Audio Codec Driver Vulnerabilities 5. [SA30416] XnView Sun TAAC "format" Buffer Overflow Vulnerability 6. [SA30773] TYPO3 DCD GoogleMap Extension Cross-Site Scripting Vulnerability 7. [SA30766] Sun Solaris FreeType Multiple Vulnerabilities 8. [SA30755] vBulletin MCP Cross-Site Scripting Vulnerability 9. [SA30737] Various TYPO3 Extensions Cross-Site Scripting and SQL Injection Vulnerabilities 10. 
[SA30707] S.T.A.L.K.E.R.: Shadow of Chernobyl Long Nickname Denial of Service ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA30775] Apple Safari for Windows Multiple Vulnerabilities [SA30858] Ektron CMS400.NET Unspecified Vulnerability [SA30857] Internet Explorer 6 Window "location" Handling Vulnerability [SA30851] Internet Explorer 7 Frame Location Handling Vulnerability [SA30824] Ektron CMS400.NET "res" SQL Injection Vulnerability [SA30823] SunAge Multiple Denial of Service Vulnerabilities [SA30815] Call of Duty 4: Modern Warfare Vulnerabilities [SA30787] sHibby sHop "sayfa" SQL Injection Vulnerability [SA30774] DUware DUcalendar "iEve" SQL Injection Vulnerability [SA30854] Nortel SIP Multimedia PC Client Session Handling Denial of Service [SA30788] WISE-FTP 4 Directory Download Directory Traversal Vulnerability [SA30848] Cisco Unified Communications Manager Authentication Bypass and Denial of Service [SA30812] DC++ NULL Pointer Dereference Denial of Service UNIX/Linux: [SA30840] Sun Solaris Adobe Reader Multiple Vulnerabilities [SA30835] HP-UX HP CIFS Server Multiple Vulnerabilities [SA30831] Fedora update for ruby [SA30805] Red Hat update for IBMJava2-JRE and IBMJava2-SDK [SA30780] Gentoo update for ibm-jdk-bin and ibm-jre-bin [SA30829] Fedora update for clamav [SA30828] Fedora update for php [SA30827] Fedora update for xemacs-packages-extra [SA30825] Gentoo update for openssl [SA30821] Red Hat update for freetype [SA30820] Gentoo update for libvorbis [SA30819] Gentoo update for freetype [SA30818] SUSE update for kernel [SA30798] Link ADS 1 "linkid" SQL Injection Vulnerability [SA30793] Viral DX 1 "bannerid" SQL Injection Vulnerability [SA30785] Kolab Server ClamAV Petite Processing Denial of Service [SA30783] Debian update for libtk-img [SA30836] Fedora update for nasm [SA30826] Fedora update for gallery2 [SA30816] Fedora update for phpMyAdmin [SA30814] Fedora update for horde [SA30850] 
Red Hat update for kernel [SA30849] Red Hat update for kernel [SA30837] Fedora update for perl [SA30809] rPath update for xorg-x11 [SA30803] Red Hat sblim Insecure RPATH Privilege Escalation [SA30790] Perl "File::Path::rmtree" Insecure chmod on Symbolic Links [SA30781] Xen PVFB Shared Framebuffer Processing Vulnerability [SA30776] Apple Mac OS X ARDAgent Privilege Escalation Vulnerability Other: [SA30852] Nortel Media Processing Server OpenSSL Multiple Vulnerabilities [SA30847] Cisco Wide Area Application Services CUPS IPP Tags Memory Corruption [SA30844] Nortel Communication Server Command Processing Denial of Service Cross Platform: [SA30834] Benja CMS Cross-Site Scripting and Security Bypass Vulnerabilities [SA30832] Adobe Reader/Acrobat JavaScript Method Handling Vulnerability [SA30806] Jamroom "jamroom[jm_dir]" File Inclusion Vulnerability [SA30804] emuCMS Multiple Vulnerabilities [SA30797] le.cms "cms/admin/upload.php" Security Bypass [SA30789] NConvert / GFL SDK Sun TAAC "format" Buffer Overflow Vulnerability [SA30784] ODARS "CLASSES_ROOT" File Inclusion Vulnerability [SA30778] Hedgehog-CMS "c_temp_path" File Inclusion Vulnerability [SA30833] mask PHP File Manager Cookie Security Bypass [SA30811] FubarForum "page" Local File Inclusion Vulnerability [SA30810] Softbiz Jokes and Funny Pictures Script "sbjoke_id" SQL Injection [SA30807] CiBlog "id" SQL Injection Vulnerability [SA30800] AproxEngine "page" Local File Inclusion Vulnerability [SA30796] CCleague Pro admin.php SQL Injection and Authentication Bypass [SA30795] Online Fantasy Football League SQL Injection Vulnerabilities [SA30794] AJ HYIP "id" SQL Injection Vulnerability [SA30791] Joomla EXP Shop Component "catid" SQL Injection [SA30782] WebGUI Collaboration RSS Feed Information Disclosure [SA30779] HTML Purifier CSS Cross-Site Scripting and Script Insertion [SA30846] Drupal Suggested Terms Module Script Insertion Vulnerability [SA30845] Caucho Resin "file" Cross-Site Scripting Vulnerability [SA30839] 
Novell Groupwise WebAccess Simple Interface Cross-Site Scripting [SA30830] RT Devel::StackTrace Denial of Service Vulnerability [SA30822] JSCAPE Secure FTP Applet Host Key Verification Security Issue [SA30813] phpMyAdmin Cross-Site Scripting Vulnerabilities [SA30773] TYPO3 DCD GoogleMap Extension Cross-Site Scripting Vulnerability ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA30775] Apple Safari for Windows Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of sensitive information, System access Released: 2008-06-20 Some vulnerabilities and a security issue have been reported in Apple Safari, which can be exploited by malicious people to disclose sensitive information or to compromise a user's system. Full Advisory: http://secunia.com/advisories/30775/ -- [SA30858] Ektron CMS400.NET Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: Unknown Released: 2008-06-26 A vulnerability has been reported in Ektron CMS400.NET, which has an unknown impact. Full Advisory: http://secunia.com/advisories/30858/ -- [SA30857] Internet Explorer 6 Window "location" Handling Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting Released: 2008-06-26 Ph4nt0m Security Team has discovered a vulnerability in Internet Explorer 6, which can be exploited by malicious people to conduct cross-domain scripting attacks. Full Advisory: http://secunia.com/advisories/30857/ -- [SA30851] Internet Explorer 7 Frame Location Handling Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass, Spoofing Released: 2008-06-26 sirdarckcat has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct spoofing attacks. 
Full Advisory: http://secunia.com/advisories/30851/ -- [SA30824] Ektron CMS400.NET "res" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-06-26 DigiTrust Group Vulnerability Research Team has reported a vulnerability in Ektron CMS400.NET, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/30824/ -- [SA30823] SunAge Multiple Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-06-26 Luigi Auriemma has reported some vulnerabilities in SunAge, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30823/ -- [SA30815] Call of Duty 4: Modern Warfare Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-06-23 Luigi Auriemma has reported some vulnerabilities in Call of Duty 4: Modern Warfare, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30815/ -- [SA30787] sHibby sHop "sayfa" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-06-23 KnocKout has reported a vulnerability in sHibby sHop, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/30787/ -- [SA30774] DUware DUcalendar "iEve" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-06-25 Bl@ckbe@rD has reported a vulnerability in DUware DUcalendar, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/30774/ -- [SA30854] Nortel SIP Multimedia PC Client Session Handling Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2008-06-26 A vulnerability has been reported in Nortel SIP Multimedia PC Client, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30854/ -- [SA30788] WISE-FTP 4 Directory Download Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: System access Released: 2008-06-20 Tan Chew Keong has reported a vulnerability in WISE-FTP, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/30788/ -- [SA30848] Cisco Unified Communications Manager Authentication Bypass and Denial of Service Critical: Less critical Where: From local network Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS Released: 2008-06-26 A vulnerability and a security issue have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30848/ -- [SA30812] DC++ NULL Pointer Dereference Denial of Service Critical: Not critical Where: From remote Impact: DoS Released: 2008-06-25 A weakness has been reported in DC++, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30812/ UNIX/Linux:-- [SA30840] Sun Solaris Adobe Reader Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-06-26 Sun has acknowledged some vulnerabilities in Adobe Reader included in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. 
Full Advisory: http://secunia.com/advisories/30840/ -- [SA30835] HP-UX HP CIFS Server Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-06-24 HP has acknowledged some vulnerabilities in HP-UX, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30835/ -- [SA30831] Fedora update for ruby Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-06-25 Fedora has issued an update for ruby. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30831/ -- [SA30805] Red Hat update for IBMJava2-JRE and IBMJava2-SDK Critical: Highly critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2008-06-24 Red Hat has issued an update for IBMJava2-JRE and IBMJava2-SDK. This fixes some vulnerabilities, which potentially can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30805/ -- [SA30780] Gentoo update for ibm-jdk-bin and ibm-jre-bin Critical: Highly critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of system information, Exposure of sensitive information, DoS, System access Released: 2008-06-25 Gentoo has issued an update for ibm-jdk-bin and ibm-jre-bin. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate data, disclose sensitive/system information, cause a DoS (Denial of Service), or to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/30780/ -- [SA30829] Fedora update for clamav Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-06-23 Fedora has issued an update for clamav. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30829/ -- [SA30828] Fedora update for php Critical: Moderately critical Where: From remote Impact: System access, DoS, Security Bypass, Unknown Released: 2008-06-23 Fedora has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions, and potentially by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30828/ -- [SA30827] Fedora update for xemacs-packages-extra Critical: Moderately critical Where: From remote Impact: System access Released: 2008-06-23 Fedora has issued an update for xemacs-packages-extra. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/30827/ -- [SA30825] Gentoo update for openssl Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-06-24 Gentoo has issued an update for openssl. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30825/ -- [SA30821] Red Hat update for freetype Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-06-23 Red Hat has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library. 
Full Advisory: http://secunia.com/advisories/30821/ -- [SA30820] Gentoo update for libvorbis Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-06-24 Gentoo has issued an update for libvorbis. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise an application using the library. Full Advisory: http://secunia.com/advisories/30820/ -- [SA30819] Gentoo update for freetype Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-06-24 Gentoo has issued an update for freetype. This fixes some vulnerabilities, which can be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/30819/ -- [SA30818] SUSE update for kernel Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2008-06-23 SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, bypass certain security restrictions, cause a DoS (Denial of Service), and gain escalated privileges, and malicious people to cause a DoS and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30818/ -- [SA30798] Link ADS 1 "linkid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-06-25 Hussin X has reported a vulnerability in Link ADS 1, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/30798/ -- [SA30793] Viral DX 1 "bannerid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-06-25 Hussin X has reported a vulnerability in Viral DX 1, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/30793/ -- [SA30785] Kolab Server ClamAV Petite Processing Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-06-20 A vulnerability has been reported in Kolab Server, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30785/ -- [SA30783] Debian update for libtk-img Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-06-20 Debian has issued an update for libtk-img. This fixes a vulnerability, which can be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/30783/ -- [SA30836] Fedora update for nasm Critical: Less critical Where: From remote Impact: System access Released: 2008-06-26 Fedora has issued an update for nasm. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/30836/ -- [SA30826] Fedora update for gallery2 Critical: Less critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2008-06-23 Fedora has issued an update for gallery2. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and manipulate data. 
Full Advisory: http://secunia.com/advisories/30826/ -- [SA30816] Fedora update for phpMyAdmin Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-06-25 Fedora has issued an update for phpMyAdmin. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/30816/ -- [SA30814] Fedora update for horde Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-06-25 Fedora has issued an update for horde. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/30814/ -- [SA30850] Red Hat update for kernel Critical: Less critical Where: Local system Impact: Exposure of sensitive information, DoS Released: 2008-06-26 Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/30850/ -- [SA30849] Red Hat update for kernel Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2008-06-26 Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information or gain escalated privileges. Full Advisory: http://secunia.com/advisories/30849/ -- [SA30837] Fedora update for perl Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-06-26 Fedora has issued an update for perl. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges. 
Full Advisory: http://secunia.com/advisories/30837/ -- [SA30809] rPath update for xorg-x11 Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-06-23 rPath has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/30809/ -- [SA30803] Red Hat sblim Insecure RPATH Privilege Escalation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-06-24 Red Hat has acknowledged a vulnerability in sblim, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/30803/ -- [SA30790] Perl "File::Path::rmtree" Insecure chmod on Symbolic Links Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-06-26 A vulnerability has been reported in Perl, which can be exploited by malicious, local user to perform actions with escalated privileges. Full Advisory: http://secunia.com/advisories/30790/ -- [SA30781] Xen PVFB Shared Framebuffer Processing Vulnerability Critical: Less critical Where: Local system Impact: Security Bypass, DoS Released: 2008-06-20 A vulnerability has been reported in Xen, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/30781/ -- [SA30776] Apple Mac OS X ARDAgent Privilege Escalation Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-06-23 A vulnerability has been discovered in Mac OS X, which can be exploited by malicious, local users to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/30776/ Other:-- [SA30852] Nortel Media Processing Server OpenSSL Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-06-26 Nortel has acknowledged some vulnerabilities in Media Processing Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30852/ -- [SA30847] Cisco Wide Area Application Services CUPS IPP Tags Memory Corruption Critical: Moderately critical Where: From local network Impact: System access Released: 2008-06-26 Cisco has acknowledged a vulnerability in Wide Area Application Services (WAAS), which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30847/ -- [SA30844] Nortel Communication Server Command Processing Denial of Service Critical: Not critical Where: From local network Impact: DoS Released: 2008-06-26 A vulnerability has been reported in Nortel Communication Server, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/30844/ Cross Platform:-- [SA30834] Benja CMS Cross-Site Scripting and Security Bypass Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting Released: 2008-06-24 CWH Underground has discovered some vulnerabilities in Benja CMS, which can be exploited by malicious people to conduct cross-site scripting attacks and bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/30834/ -- [SA30832] Adobe Reader/Acrobat JavaScript Method Handling Vulnerability Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-06-24 A vulnerability has been reported in Adobe Reader/Acrobat, which potentially can be exploited by malicious people to compromise a user's system. 
Full Advisory: http://secunia.com/advisories/30832/ -- [SA30806] Jamroom "jamroom[jm_dir]" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-06-23 Some vulnerabilities have been reported in Jamroom, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30806/ -- [SA30804] emuCMS Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Manipulation of data, System access Released: 2008-06-23 Some vulnerabilities have been discovered in emuCMS, which can be exploited by malicious people to conduct SQL injection attacks or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30804/ -- [SA30797] le.cms "cms/admin/upload.php" Security Bypass Critical: Highly critical Where: From remote Impact: Security Bypass, System access Released: 2008-06-23 t0pP8uZz has reported a vulnerability in le.cms, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30797/ -- [SA30789] NConvert / GFL SDK Sun TAAC "format" Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-06-20 Secunia Research has discovered a vulnerability in NConvert and GFL SDK, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/30789/ -- [SA30784] ODARS "CLASSES_ROOT" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-06-23 CraCkEr has discovered a vulnerability in ODARS, which can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/30784/ -- [SA30778] Hedgehog-CMS "c_temp_path" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-06-23 CraCkEr has discovered a vulnerability in Hedgehog-CMS, which can be exploited by malicious people to disclose sensitive information or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/30778/ -- [SA30833] mask PHP File Manager Cookie Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-06-25 A vulnerability has been reported in mask PHP File Manager (mPFM), which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/30833/ -- [SA30811] FubarForum "page" Local File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-06-23 cOndemned has reported a vulnerability in FubarForum, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/30811/ -- [SA30810] Softbiz Jokes and Funny Pictures Script "sbjoke_id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-06-26 Hussin X has reported a vulnerability in Softbiz Jokes and Funny Pictures Script, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/30810/ -- [SA30807] CiBlog "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-06-25 Mr.SQL has reported a vulnerability in CiBlog, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/30807/ -- [SA30800] AproxEngine "page" Local File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-06-23 SkyOut has discovered a vulnerability in AproxEngine, which can be exploited by malicious people to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/30800/ -- [SA30796] CCleague Pro admin.php SQL Injection and Authentication Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-06-23 t0pP8uZz has discovered some vulnerabilities in CCleague Pro, which can be exploited by malicious people to bypass certain security restrictions or to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/30796/ -- [SA30795] Online Fantasy Football League SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-06-23 t0pP8uZz has reported some vulnerabilities in Online Fantasy Football League, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/30795/ -- [SA30794] AJ HYIP "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-06-23 Hussin X has reported a vulnerability in AJ HYIP, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/30794/ -- [SA30791] Joomla EXP Shop Component "catid" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-06-23 His0k4 has reported a vulnerability in the EXP Shop component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. 
Full Advisory: http://secunia.com/advisories/30791/ -- [SA30782] WebGUI Collaboration RSS Feed Information Disclosure Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-06-25 A security issue has been reported in WebGUI, which can be exploited by malicious people to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/30782/ -- [SA30779] HTML Purifier CSS Cross-Site Scripting and Script Insertion Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2008-06-23 Two vulnerabilities have been reported in HTML Purifier, which can be exploited by malicious people to conduct cross-site scripting or script insertion attacks. Full Advisory: http://secunia.com/advisories/30779/ -- [SA30846] Drupal Suggested Terms Module Script Insertion Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-06-26 A vulnerability has been reported in the Suggested Terms module for Drupal, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/30846/ -- [SA30845] Caucho Resin "file" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-06-26 A vulnerability has been reported in Caucho Resin, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/30845/ -- [SA30839] Novell Groupwise WebAccess Simple Interface Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-06-25 A vulnerability has been reported in Novell Groupwise, which can be exploited by malicious people to conduct cross-site scripting attacks. 
Full Advisory:
http://secunia.com/advisories/30839/

--

[SA30830] RT Devel::StackTrace Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-25

A vulnerability has been reported in RT, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30830/

--

[SA30822] JSCAPE Secure FTP Applet Host Key Verification Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2008-06-23

n.runs AG has reported a security issue in JSCAPE Secure FTP Applet,
which can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/30822/

--

[SA30813] phpMyAdmin Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-24

Some vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30813/

--

[SA30773] TYPO3 DCD GoogleMap Extension Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-19

A vulnerability has been reported in the DCD GoogleMap (dcdgooglemap)
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30773/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support () secunia com
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas, the world's premier
technical event for ICT security experts. Featuring 40 hands-on training
courses and 80 Briefings presentations with lots of new content and new
tools. Network with 4,000 delegates from 50 nations. Visit product
displays by 30 top sponsors in a relaxed setting.
http://www.blackhat.com