Information Security News mailing list archives

Secunia Weekly Summary - Issue: 2008-26


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 27 Jun 2008 01:01:59 -0500 (CDT)

========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-06-19 - 2008-06-26                        

                       This week: 71 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try the Secunia Network Software Inspector (NSI) 2.0 for free! The
Secunia NSI 2.0 is available as a 7-day trial download and can be used
to scan up to 3 hosts within your network.

Download the Secunia NSI trial version from:
https://psi.secunia.com/NSISetup.exe

========================================================================
2) This Week in Brief:

A vulnerability has been reported in Mozilla Firefox, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an unspecified error and can be
exploited to execute arbitrary code e.g. when a user visits a specially
crafted web page.

The vulnerability is reported in versions 3.0 and 2.0.x. Other versions
may also be affected.

For more information, refer to:
http://secunia.com/advisories/30761

 --

A vulnerability has been reported in Adobe Reader/Acrobat, which
potentially can be exploited by malicious people to compromise a user's
system.

The vulnerability is caused due to an error in the implementation of an
unspecified JavaScript method and can be exploited to cause a crash or
potentially execute arbitrary code via a specially crafted PDF file.

NOTE: The vulnerability is reportedly being exploited in the wild.

For more information, refer to:
http://secunia.com/advisories/30832

 --

Some vulnerabilities and a security issue have been reported in Apple
Safari, which can be exploited by malicious people to disclose
sensitive information or to compromise a user's system.

For more information, refer to:
http://secunia.com/advisories/30775

 --

VIRUS ALERTS:

During the past week Secunia collected 176 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA30761] Mozilla Firefox Unspecified Code Execution Vulnerability
2.  [SA30832] Adobe Reader/Acrobat JavaScript Method Handling
              Vulnerability
3.  [SA30775] Apple Safari for Windows Multiple Vulnerabilities
4.  [SA29953] Realtek HD Audio Codec Driver Vulnerabilities
5.  [SA30416] XnView Sun TAAC "format" Buffer Overflow Vulnerability
6.  [SA30773] TYPO3 DCD GoogleMap Extension Cross-Site Scripting
              Vulnerability
7.  [SA30766] Sun Solaris FreeType Multiple Vulnerabilities
8.  [SA30755] vBulletin MCP Cross-Site Scripting Vulnerability
9.  [SA30737] Various TYPO3 Extensions Cross-Site Scripting and SQL
              Injection Vulnerabilities
10. [SA30707] S.T.A.L.K.E.R.: Shadow of Chernobyl Long Nickname Denial
              of Service

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA30775] Apple Safari for Windows Multiple Vulnerabilities
[SA30858] Ektron CMS400.NET Unspecified Vulnerability
[SA30857] Internet Explorer 6 Window "location" Handling Vulnerability
[SA30851] Internet Explorer 7 Frame Location Handling Vulnerability
[SA30824] Ektron CMS400.NET "res" SQL Injection Vulnerability
[SA30823] SunAge Multiple Denial of Service Vulnerabilities
[SA30815] Call of Duty 4: Modern Warfare Vulnerabilities
[SA30787] sHibby sHop "sayfa" SQL Injection Vulnerability
[SA30774] DUware DUcalendar "iEve" SQL Injection Vulnerability
[SA30854] Nortel SIP Multimedia PC Client Session Handling Denial of
Service
[SA30788] WISE-FTP 4 Directory Download Directory Traversal
Vulnerability
[SA30848] Cisco Unified Communications Manager Authentication Bypass
and Denial of Service
[SA30812] DC++ NULL Pointer Dereference Denial of Service

UNIX/Linux:
[SA30840] Sun Solaris Adobe Reader Multiple Vulnerabilities
[SA30835] HP-UX HP CIFS Server Multiple Vulnerabilities
[SA30831] Fedora update for ruby
[SA30805] Red Hat update for IBMJava2-JRE and IBMJava2-SDK
[SA30780] Gentoo update for ibm-jdk-bin and ibm-jre-bin
[SA30829] Fedora update for clamav
[SA30828] Fedora update for php
[SA30827] Fedora update for xemacs-packages-extra
[SA30825] Gentoo update for openssl
[SA30821] Red Hat update for freetype
[SA30820] Gentoo update for libvorbis
[SA30819] Gentoo update for freetype
[SA30818] SUSE update for kernel
[SA30798] Link ADS 1 "linkid" SQL Injection Vulnerability
[SA30793] Viral DX 1 "bannerid" SQL Injection Vulnerability
[SA30785] Kolab Server ClamAV Petite Processing Denial of Service
[SA30783] Debian update for libtk-img
[SA30836] Fedora update for nasm
[SA30826] Fedora update for gallery2
[SA30816] Fedora update for phpMyAdmin
[SA30814] Fedora update for horde
[SA30850] Red Hat update for kernel
[SA30849] Red Hat update for kernel
[SA30837] Fedora update for perl
[SA30809] rPath update for xorg-x11
[SA30803] Red Hat sblim Insecure RPATH Privilege Escalation
[SA30790] Perl "File::Path::rmtree" Insecure chmod on Symbolic Links
[SA30781] Xen PVFB Shared Framebuffer Processing Vulnerability
[SA30776] Apple Mac OS X ARDAgent Privilege Escalation Vulnerability

Other:
[SA30852] Nortel Media Processing Server OpenSSL Multiple
Vulnerabilities
[SA30847] Cisco Wide Area Application Services CUPS IPP Tags Memory
Corruption
[SA30844] Nortel Communication Server Command Processing Denial of
Service

Cross Platform:
[SA30834] Benja CMS Cross-Site Scripting and Security Bypass
Vulnerabilities
[SA30832] Adobe Reader/Acrobat JavaScript Method Handling
Vulnerability
[SA30806] Jamroom "jamroom[jm_dir]" File Inclusion Vulnerability
[SA30804] emuCMS Multiple Vulnerabilities
[SA30797] le.cms "cms/admin/upload.php" Security Bypass
[SA30789] NConvert / GFL SDK Sun TAAC "format" Buffer Overflow
Vulnerability
[SA30784] ODARS "CLASSES_ROOT" File Inclusion Vulnerability
[SA30778] Hedgehog-CMS "c_temp_path" File Inclusion Vulnerability
[SA30833] mask PHP File Manager Cookie Security Bypass
[SA30811] FubarForum "page" Local File Inclusion Vulnerability
[SA30810] Softbiz Jokes and Funny Pictures Script "sbjoke_id" SQL
Injection
[SA30807] CiBlog "id" SQL Injection Vulnerability
[SA30800] AproxEngine "page" Local File Inclusion Vulnerability
[SA30796] CCleague Pro admin.php SQL Injection and Authentication
Bypass
[SA30795] Online Fantasy Football League SQL Injection Vulnerabilities
[SA30794] AJ HYIP "id" SQL Injection Vulnerability
[SA30791] Joomla EXP Shop Component "catid" SQL Injection
[SA30782] WebGUI Collaboration RSS Feed Information Disclosure
[SA30779] HTML Purifier CSS Cross-Site Scripting and Script Insertion
[SA30846] Drupal Suggested Terms Module Script Insertion Vulnerability
[SA30845] Caucho Resin "file" Cross-Site Scripting Vulnerability
[SA30839] Novell Groupwise WebAccess Simple Interface Cross-Site
Scripting
[SA30830] RT Devel::StackTrace Denial of Service Vulnerability
[SA30822] JSCAPE Secure FTP Applet Host Key Verification Security
Issue
[SA30813] phpMyAdmin Cross-Site Scripting Vulnerabilities
[SA30773] TYPO3 DCD GoogleMap Extension Cross-Site Scripting
Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA30775] Apple Safari for Windows Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2008-06-20

Some vulnerabilities and a security issue have been reported in Apple
Safari, which can be exploited by malicious people to disclose
sensitive information or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30775/

 --

[SA30858] Ektron CMS400.NET Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2008-06-26

A vulnerability has been reported in Ektron CMS400.NET, which has an
unknown impact.

Full Advisory:
http://secunia.com/advisories/30858/

 --

[SA30857] Internet Explorer 6 Window "location" Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-06-26

Ph4nt0m Security Team has discovered a vulnerability in Internet
Explorer 6, which can be exploited by malicious people to conduct
cross-domain scripting attacks.

Full Advisory:
http://secunia.com/advisories/30857/

 --

[SA30851] Internet Explorer 7 Frame Location Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2008-06-26

sirdarckcat has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/30851/

 --

[SA30824] Ektron CMS400.NET "res" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-26

DigiTrust Group Vulnerability Research Team has reported a
vulnerability in Ektron CMS400.NET, which can be exploited by malicious
people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30824/

 --

[SA30823] SunAge Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-26

Luigi Auriemma has reported some vulnerabilities in SunAge, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30823/

 --

[SA30815] Call of Duty 4: Modern Warfare Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-23

Luigi Auriemma has reported some vulnerabilities in Call of Duty 4:
Modern Warfare, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30815/

 --

[SA30787] sHibby sHop "sayfa" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-23

KnocKout has reported a vulnerability in sHibby sHop, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30787/

 --

[SA30774] DUware DUcalendar "iEve" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-25

Bl@ckbe@rD has reported a vulnerability in DUware DUcalendar, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30774/

 --

[SA30854] Nortel SIP Multimedia PC Client Session Handling Denial of
Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-26

A vulnerability has been reported in Nortel SIP Multimedia PC Client,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30854/

 --

[SA30788] WISE-FTP 4 Directory Download Directory Traversal
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-20

Tan Chew Keong has reported a vulnerability in WISE-FTP, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30788/

 --

[SA30848] Cisco Unified Communications Manager Authentication Bypass
and Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS
Released:    2008-06-26

A vulnerability and a security issue have been reported in Cisco
Unified Communications Manager, which can be exploited by malicious
people to bypass certain security restrictions or to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/30848/

 --

[SA30812] DC++ NULL Pointer Dereference Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2008-06-25

A weakness has been reported in DC++, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30812/


UNIX/Linux:--

[SA30840] Sun Solaris Adobe Reader Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-26

Sun has acknowledged some vulnerabilities in Adobe Reader included in
Sun Solaris, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/30840/

 --

[SA30835] HP-UX HP CIFS Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-24

HP has acknowledged some vulnerabilities in HP-UX, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30835/

 --

[SA30831] Fedora update for ruby

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, DoS, System access
Released:    2008-06-25

Fedora has issued an update for ruby. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30831/

 --

[SA30805] Red Hat update for IBMJava2-JRE and IBMJava2-SDK

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-06-24

Red Hat has issued an update for IBMJava2-JRE and IBMJava2-SDK. This
fixes some vulnerabilities, which potentially can be exploited by
malicious people to bypass certain security restrictions, cause a DoS
(Denial of Service), or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30805/

 --

[SA30780] Gentoo update for ibm-jdk-bin and ibm-jre-bin

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of system
information, Exposure of sensitive information, DoS, System access
Released:    2008-06-25

Gentoo has issued an update for ibm-jdk-bin and ibm-jre-bin. This fixes
some vulnerabilities, which can be exploited by malicious people to
bypass certain security restrictions, manipulate data, disclose
sensitive/system information, cause a DoS (Denial of Service), or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30780/

 --

[SA30829] Fedora update for clamav

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-23

Fedora has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30829/

 --

[SA30828] Fedora update for php

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS, Security Bypass, Unknown
Released:    2008-06-23

Fedora has issued an update for php. This fixes some vulnerabilities,
where some have unknown impacts and others can be exploited by
malicious users to bypass certain security restrictions, and
potentially by malicious people to cause a DoS (Denial of Service) or
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30828/

 --

[SA30827] Fedora update for xemacs-packages-extra

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-06-23

Fedora has issued an update for xemacs-packages-extra. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/30827/

 --

[SA30825] Gentoo update for openssl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-24

Gentoo has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30825/

 --

[SA30821] Red Hat update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-23

Red Hat has issued an update for freetype. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30821/

 --

[SA30820] Gentoo update for libvorbis

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-24

Gentoo has issued an update for libvorbis. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/30820/

 --

[SA30819] Gentoo update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-24

Gentoo has issued an update for freetype. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/30819/

 --

[SA30818] SUSE update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS, System access
Released:    2008-06-23

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, bypass certain security
restrictions, cause a DoS (Denial of Service), and gain escalated
privileges, and malicious people to cause a DoS and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30818/

 --

[SA30798] Link ADS 1 "linkid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-25

Hussin X has reported a vulnerability in Link ADS 1, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30798/

 --

[SA30793] Viral DX 1 "bannerid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-25

Hussin X has reported a vulnerability in Viral DX 1, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30793/

 --

[SA30785] Kolab Server ClamAV Petite Processing Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-06-20

A vulnerability has been reported in Kolab Server, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30785/

 --

[SA30783] Debian update for libtk-img

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-20

Debian has issued an update for libtk-img. This fixes a vulnerability,
which can be exploited by malicious people to compromise an application
using the library.

Full Advisory:
http://secunia.com/advisories/30783/

 --

[SA30836] Fedora update for nasm

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-06-26

Fedora has issued an update for nasm. This fixes some vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30836/

 --

[SA30826] Fedora update for gallery2

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, Exposure of system information, Exposure of sensitive
information
Released:    2008-06-23

Fedora has issued an update for gallery2. This fixes some
vulnerabilities and a weakness, which can be exploited by malicious
people to conduct cross-site scripting attacks, disclose sensitive
information, and manipulate data.

Full Advisory:
http://secunia.com/advisories/30826/

 --

[SA30816] Fedora update for phpMyAdmin

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-25

Fedora has issued an update for phpMyAdmin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30816/

 --

[SA30814] Fedora update for horde

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-25

Fedora has issued an update for horde. This fixes a vulnerability,
which can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/30814/

 --

[SA30850] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2008-06-26

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) or to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/30850/

 --

[SA30849] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2008-06-26

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information or gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/30849/

 --

[SA30837] Fedora update for perl

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-26

Fedora has issued an update for perl. This fixes a vulnerability, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/30837/

 --

[SA30809] rPath update for xorg-x11

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-06-23

rPath has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30809/

 --

[SA30803] Red Hat sblim Insecure RPATH Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-24

Red Hat has acknowledged a vulnerability in sblim, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30803/

 --

[SA30790] Perl "File::Path::rmtree" Insecure chmod on Symbolic Links

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-26

A vulnerability has been reported in Perl, which can be exploited by
malicious, local users to perform actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/30790/

 --

[SA30781] Xen PVFB Shared Framebuffer Processing Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, DoS
Released:    2008-06-20

A vulnerability has been reported in Xen, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) or
potentially bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30781/

 --

[SA30776] Apple Mac OS X ARDAgent Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-06-23

A vulnerability has been discovered in Mac OS X, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/30776/


Other:--

[SA30852] Nortel Media Processing Server OpenSSL Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-26

Nortel has acknowledged some vulnerabilities in Media Processing
Server, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30852/

 --

[SA30847] Cisco Wide Area Application Services CUPS IPP Tags Memory
Corruption

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-06-26

Cisco has acknowledged a vulnerability in Wide Area Application
Services (WAAS), which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30847/

 --

[SA30844] Nortel Communication Server Command Processing Denial of
Service

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2008-06-26

A vulnerability has been reported in Nortel Communication Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/30844/


Cross Platform:--

[SA30834] Benja CMS Cross-Site Scripting and Security Bypass
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-06-24

CWH Underground has discovered some vulnerabilities in Benja CMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/30834/

 --

[SA30832] Adobe Reader/Acrobat JavaScript Method Handling
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-06-24

A vulnerability has been reported in Adobe Reader/Acrobat, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30832/

 --

[SA30806] Jamroom "jamroom[jm_dir]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-23

Some vulnerabilities have been reported in Jamroom, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30806/

 --

[SA30804] emuCMS Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2008-06-23

Some vulnerabilities have been discovered in emuCMS, which can be
exploited by malicious people to conduct SQL injection attacks or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30804/

 --

[SA30797] le.cms "cms/admin/upload.php" Security Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-06-23

t0pP8uZz has reported a vulnerability in le.cms, which can be exploited
by malicious people to bypass certain security restrictions and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30797/

 --

[SA30789] NConvert / GFL SDK Sun TAAC "format" Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-20

Secunia Research has discovered a vulnerability in NConvert and GFL
SDK, which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/30789/

 --

[SA30784] ODARS "CLASSES_ROOT" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-06-23

CraCkEr has discovered a vulnerability in ODARS, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30784/

 --

[SA30778] Hedgehog-CMS "c_temp_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-06-23

CraCkEr has discovered a vulnerability in Hedgehog-CMS, which can be
exploited by malicious people to disclose sensitive information or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/30778/

 --

[SA30833] mask PHP File Manager Cookie Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-06-25

A vulnerability has been reported in mask PHP File Manager (mPFM),
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/30833/

 --

[SA30811] FubarForum "page" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-06-23

cOndemned has reported a vulnerability in FubarForum, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/30811/

 --

[SA30810] Softbiz Jokes and Funny Pictures Script "sbjoke_id" SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-26

Hussin X has reported a vulnerability in Softbiz Jokes and Funny
Pictures Script, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30810/

 --

[SA30807] CiBlog "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-25

Mr.SQL has reported a vulnerability in CiBlog, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30807/

 --

[SA30800] AproxEngine "page" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-06-23

SkyOut has discovered a vulnerability in AproxEngine, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/30800/

 --

[SA30796] CCleague Pro admin.php SQL Injection and Authentication
Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-06-23

t0pP8uZz has discovered some vulnerabilities in CCleague Pro, which can
be exploited by malicious people to bypass certain security restrictions
or to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30796/

 --

[SA30795] Online Fantasy Football League SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-23

t0pP8uZz has reported some vulnerabilities in Online Fantasy Football
League, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30795/

 --

[SA30794] AJ HYIP "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-06-23

Hussin X has reported a vulnerability in AJ HYIP, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/30794/

 --

[SA30791] Joomla EXP Shop Component "catid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-06-23

His0k4 has reported a vulnerability in the EXP Shop component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/30791/

 --

[SA30782] WebGUI Collaboration RSS Feed Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-06-25

A security issue has been reported in WebGUI, which can be exploited by
malicious people to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/30782/

 --

[SA30779] HTML Purifier CSS Cross-Site Scripting and Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-23

Two vulnerabilities have been reported in HTML Purifier, which can be
exploited by malicious people to conduct cross-site scripting or script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/30779/

 --

[SA30846] Drupal Suggested Terms Module Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-26

A vulnerability has been reported in the Suggested Terms module for
Drupal, which can be exploited by malicious users to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/30846/

 --

[SA30845] Caucho Resin "file" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-26

A vulnerability has been reported in Caucho Resin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30845/

 --

[SA30839] Novell Groupwise WebAccess Simple Interface Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-25

A vulnerability has been reported in Novell Groupwise, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30839/

 --

[SA30830] RT Devel::StackTrace Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-06-25

A vulnerability has been reported in RT, which can be exploited by
malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/30830/

 --

[SA30822] JSCAPE Secure FTP Applet Host Key Verification Security
Issue

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2008-06-23

n.runs AG has reported a security issue in JSCAPE Secure FTP Applet,
which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/30822/

 --

[SA30813] phpMyAdmin Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-24

Some vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30813/

 --

[SA30773] TYPO3 DCD GoogleMap Extension Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-06-19

A vulnerability has been reported in the DCD GoogleMap (dcdgooglemap)
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/30773/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support () secunia com
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

