Information Security News mailing list archives
Secunia Weekly Summary - Issue: 2008-20
From: InfoSec News <alerts () infosecnews org>
Date: Fri, 16 May 2008 03:04:34 -0500 (CDT)
========================================================================
The Secunia Weekly Advisory Summary
2008-05-08 - 2008-05-15
This week: 118 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Secunia is pleased to announce that we are sponsoring the upcoming
Gartner IT Security Summit from June 2 to 4 in Washington, DC. The
event brings together Gartner analysts, leading executives, and
innovators to present research, case studies, and insight into the
business-critical aspect of IT.
If you would like to meet with Secunia representatives in the
conference, you can get a $400 discount off the regular registration
fee. Please contact pr () secunia com to receive the priority code and
schedule the meeting.
========================================================================
2) This Week in Brief:
Two vulnerabilities have been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system.
An error when parsing objects in rich text format (.rtf) files can be
exploited to cause a heap-based buffer overflow e.g. when a user opens
a specially crafted .rtf file containing malformed strings with Word or
previews a specially crafted e-mail containing malformed strings as rich
text or HTML.
Another error exists in the processing of cascading style sheets (CSS)
values and can be exploited to corrupt memory when a specially crafted
HTML file is opened using Word.
Successful exploitation may allow execution of arbitrary code.
Microsoft has released updates resolving these vulnerabilities as part
of its Patch Tuesday release. For more information, refer to:
http://secunia.com/advisories/30143/
--
Two vulnerabilities have been reported in various Microsoft products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
An unspecified error in the Malware Protection Engine when parsing PE
files can be exploited to cause the engine to stop responding and
restart when scanning a specially crafted PE file.
An input validation error in the Malware Protection Engine when parsing
PE files can be exploited to exhaust available disk space when scanning
a specially crafted PE file containing an overly large "size of header"
value.
The vulnerabilities are present in all Microsoft product, which contain
the Malware Protection Engine, including Windows Defender, and Windows
OnceCare.
Microsoft has released updates resolving these vulnerabilities as part
of its Patch Tuesday release. For more information, refer to:
http://secunia.com/advisories/30172/
--
Debian has issued an update for OpenSSL. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable system,
and a security issue, which can lead to weak cryptographic key material.
The security issue is caused due to the random number generator in
Debian's openssl package being predictable. This may lead to weak
cryptographic key material being generated e.g. for SSH keys, OpenVPN
keys, DNSSEC keys, and key material for use in X.509 certificates and
session keys used in SSL/TLS connections.
The security issue is reported in Debian's OpenSSL packages starting
with 0.9.8c-1 (uploaded to the unstable distribution on 2006-09-17) and
affects all keys generated with an affected package.
An unspecified error within the DTLS implementation can be exploited by
malicious people to cause a DoS (Denial of Service) and potentially
compromise a vulnerable system. This is related to a previously-known
issue in OpenSSL.
The issues are reported in the Debian Linux distribution, as well as
all Debian-based code, such as Ubuntu. Various developers have created
packages solving these issues.
For more information, refer to:
http://secunia.com/advisories/30220/
--
VIRUS ALERTS:
During the past week Secunia collected 206 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA30220] Debian OpenSSL Predictable Random Number Generator and
Update
2. [SA30128] SAP Internet Transaction Server wgate.dll Cross-Site
Scripting Vulnerability
3. [SA30127] PostcardMentor "cat_fldAuto" SQL Injection Vulnerability
4. [SA30065] Maian Links Multiple Cross-Site Scripting Vulnerabilities
5. [SA30070] Maian Gallery "keywords" Cross-Site Scripting
Vulnerability
6. [SA30069] Maian Greetings Cross-Site Scripting and SQL Injection
Vulnerabilities
7. [SA30123] Galleristic "cat" SQL Injection Vulnerability
8. [SA30068] Maian Support Multiple Cross-Site Scripting
Vulnerabilities
9. [SA30154] Cyberfolio "rep" File Inclusion Vulnerability
10. [SA30115] Yahoo! Assistant yNotifier.dll ActiveX Control Code
Execution
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA30197] Microsoft Windows CE Image Processing Vulnerabilities
[SA30150] Microsoft Publisher Object Handler Validation Vulnerability
[SA30143] Microsoft Word Two Code Execution Vulnerabilities
[SA30233] Meto Forum Multiple SQL Injection Vulnerabilities
[SA30172] Microsoft Malware Protection Engine File Parsing Denial of
Service
[SA30261] Symantec Altiris Deployment Solution Multiple
Vulnerabilities
[SA30147] TFTP Server SP Long Error Message Buffer Overflow
[SA30246] IDAutomation Barcode ActiveX Controls Insecure Methods
[SA30222] Cisco Building Broadband Service Manager "msg" Cross-Site
Scripting
[SA30141] Internet Explorer "Print Table of Links" Cross-Zone
Scripting
[SA30271] Citrix Presentation Server Weakness and Unauthorised Access
[SA30203] Microsoft Windows XP I2O Utility Filter Driver Privilege
Escalation
[SA30145] Internet Explorer "DisableCachingOfSSLPages" Weakness
UNIX/Linux:
[SA30253] Fedora update for clamav
[SA30220] Debian OpenSSL Predictable Random Number Generator and
Update
[SA30202] SUSE Update for Multiple Packages
[SA30192] Fedora update for thunderbird
[SA30179] Gentoo update for openoffice and openoffice-bin
[SA30168] Gentoo update for ptex
[SA30161] Gentoo ltsp Multiple Vulnerabilities
[SA30276] Fedora update for kernel
[SA30272] Fedora update for blender
[SA30269] Cisco Unified Presence SIP Proxy Service Denial of Service
[SA30259] Fedora update for libvorbis
[SA30249] Debian update for openssh
[SA30248] Fedora update for rdesktop
[SA30247] Red Hat update for libvorbis
[SA30241] Linux Kernel Multiple Vulnerabilities
[SA30239] Ubuntu update for openssh
[SA30237] Red Hat update for libvorbis
[SA30231] Ubuntu update for ssl-cert
[SA30221] Ubuntu update for openssl
[SA30219] Gentoo update for chicken
[SA30216] XEmacs "fast-lock-mode" File Processing Vulnerability
[SA30199] GNU Emacs "fast-lock-mode" File Processing Vulnerability
[SA30198] rPath update for kernel
[SA30195] HP-UX ftp Server Unspecified Denial of Service
[SA30193] Fedora update for sipp
[SA30189] Fedora update for zoneminder
[SA30188] Fedora update for tkimg
[SA30174] Gentoo update for pngcrush
[SA30169] Gentoo update for cdf
[SA30163] Gentoo update for inspircd
[SA30159] Debian update for rdesktop
[SA30158] Debian update for php5
[SA30157] Pngcrush libpng Unknown Chunk Processing Uninitialized Memory
Access
[SA30156] Sarg Multiple Unspecified Buffer Overflows
[SA30151] Gentoo update for blender
[SA30190] Fedora update for cups
[SA30185] Fedora Directory Server Regular Expression Handler Buffer
Overflow
[SA30184] Sun Solaris Print Service Unspecified Vulnerabilities
[SA30181] Red Hat Directory Server Regular Expression Handler Buffer
Overflow
[SA30162] Gentoo update for firebird
[SA30236] Fedora update for licq
[SA30182] Gentoo update for libid3tag
[SA30173] Fedora update for libid3tag
[SA30167] Fedora update for bugzilla
[SA30160] Gentoo update for moinmoin
[SA30153] Build A Niche Store "q" Cross-Site Scripting
[SA30240] Cisco Unified Presence Presence Engine Service Two Denial of
Service Vulnerabilities
[SA30187] Net-snmp Perl Module "__snprint_value()" Buffer Overflow
[SA30260] Fedora update for kernel
[SA30229] Gentoo update for aterm, eterm, rxvt, mrxvt, multi-aterm,
wterm, and rxvt-unicode
[SA30227] mrxvt X11 Display Security Issue
[SA30226] wterm X11 Display Security Issue
[SA30225] aterm X11 Display Security Issue
[SA30224] rxvt-unicode X11 Display Security Issue
[SA30191] Fedora update for audacity
[SA30171] UUDeview Insecure Temporary File Creation
[SA30230] Avaya CMS Solaris SSH X11 Forwarding Vulnerability
[SA30164] Debian update for kernel
Other:
[SA30262] Aruba Mobility Controller Authentication Bypass and
Cross-Site Scripting
[SA30223] Cisco Catalyst Content Switching Module Memory Leak
Vulnerability
[SA30175] Citrix Access Gateway Unspecified Authentication Bypass
[SA30142] ZyXEL ZyWALL 100 "Referer" Cross-Site Scripting
Vulnerability
Cross Platform:
[SA30275] TYPO3 sr_feuser_register Extension Multiple Vulnerabilities
[SA30263] LANAI CMS Multiple File Extensions Vulnerability
[SA30178] Fusebox "FUSEBOX_APPLICATION_PATH" File Inclusion
[SA30154] Cyberfolio "rep" File Inclusion Vulnerability
[SA30148] SazCart Multiple Vulnerabilities
[SA30268] Freelance Auction Script "pid" SQL Injection Vulnerability
[SA30267] Feedback and Rating Script "listingid" SQL Injection
[SA30266] AustinSmoke GasTracker "gastracker_admin" Security Bypass
[SA30257] Drupal Site Documentation Module Information Disclosure
[SA30245] EMO Realty Manager "ida" SQL Injection Vulnerability
[SA30244] The Real Estate Script "docID" SQL Injection Vulnerability
[SA30243] Automated Link Exchange Portal "cat_id" SQL Injection
[SA30242] WordNet Multiple Buffer Overflow Vulnerabilities
[SA30238] Cisco Unified Communications Manager Multiple Denial of
Service
[SA30235] WebGroupCommunicationCenter (WGCC) SQL Injection and
Cross-Site Scripting
[SA30234] libvorbis Multiple Vulnerabilities
[SA30232] e107 ZoGo-Shop Plugin "cat" SQL Injection Vulnerability
[SA30215] AJ Article "artid" SQL Injection Vulnerability
[SA30214] AJ Auction "item_id" SQL Injection Vulnerability
[SA30213] AJ Classifieds 2008 "posting_id" SQL Injection Vulnerability
[SA30211] Battle.net Clan Script "showmember" SQL Injection
Vulnerability
[SA30210] YABSoft Mega File Hosting Script "fid" SQL Injection
Vulnerability
[SA30209] PHP Classifieds Script "fatherID" SQL Injection
Vulnerabilities
[SA30208] CMS Made Simple Multiple File Extensions Vulnerability
[SA30207] Advanced Image Hosting "t" SQL Injection Vulnerability
[SA30206] EQdkp "eqdkp_data" SQL Injection Vulnerability
[SA30194] PhotoStore Multiple SQL Injection Vulnerabilities
[SA30186] CaLogic "langsel" SQL Injection Vulnerability
[SA30183] BIGACE Web CMS Multiple File Inclusion Vulnerabilities
[SA30180] AJ E-Commerce "cid" SQL Injection Vulnerability
[SA30170] Admidio "file" Information Disclosure
[SA30165] BlogPHP Script Insertion and Cross-Site Scripting
[SA30155] Chicken PCRE Buffer Overflow Vulnerability
[SA30144] vShare YouTube Clone "tid" SQL Injection Vulnerability
[SA30270] Mantis Cross-Site Request Forgery Vulnerability
[SA30250] Django Login Form Cross-Site Scripting Vulnerability
[SA30218] TYPO3 rlmp_eventdb Extension Cross-Site Scripting
Vulnerability
[SA30217] TYPO3 wt_gallery Extension Multiple Vulnerabilities
[SA30205] ActualAnalyzer "language" Cross-Site Scripting Vulnerability
[SA30204] IBM Lotus Quickr WYSIWYG Editors Unspecified Cross-Site
Scripting
[SA30200] RakNet Autopatcher Server Unspecified SQL Injection
Vulnerabilities
[SA30166] cPanel Cross-Site Scripting and Request Forgery
Vulnerabilities
[SA30152] phpVID "query" Cross-Site Scripting Vulnerability
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA30197] Microsoft Windows CE Image Processing Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-05-12
Some vulnerabilities have been reported in Microsoft Windows CE, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/30197/
--
[SA30150] Microsoft Publisher Object Handler Validation Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-05-13
A vulnerability has been reported in Microsoft Publisher, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30150/
--
[SA30143] Microsoft Word Two Code Execution Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-05-13
Two vulnerabilities have been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30143/
--
[SA30233] Meto Forum Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
U238 has reported some vulnerabilities in Meto Forum, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30233/
--
[SA30172] Microsoft Malware Protection Engine File Parsing Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-13
Two vulnerabilities have been reported in various Microsoft products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30172/
--
[SA30261] Symantec Altiris Deployment Solution Multiple
Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, Exposure of sensitive information,
Privilege escalation, System access
Released: 2008-05-15
Some vulnerabilities and security issues have been reported in Symantec
Altiris Deployment Solution, which can be exploited by malicious, local
users to gain escalated privileges or manipulate certain data, and by
malicious people to disclose sensitive information, conduct SQL
injection attacks, and to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30261/
--
[SA30147] TFTP Server SP Long Error Message Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-05-09
tixxDZ has discovered a vulnerability in TFTP Server SP, which can be
exploited by malicious people to cause a DoS or compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/30147/
--
[SA30246] IDAutomation Barcode ActiveX Controls Insecure Methods
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
shinnai has discovered some vulnerabilities in various IDAutomation
Barcode ActiveX controls, which can be exploited by malicious people to
overwrite arbitrary files.
Full Advisory:
http://secunia.com/advisories/30246/
--
[SA30222] Cisco Building Broadband Service Manager "msg" Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-14
Brad Antoniewicz has reported a vulnerability in Cisco Building
Broadband Service Manager (BBSM), which can be exploited by malicious
people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30222/
--
[SA30141] Internet Explorer "Print Table of Links" Cross-Zone
Scripting
Critical: Less critical
Where: From remote
Impact: System access
Released: 2008-05-14
Aviv Raff has discovered a vulnerability in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30141/
--
[SA30271] Citrix Presentation Server Weakness and Unauthorised Access
Critical: Less critical
Where: From local network
Impact: Security Bypass
Released: 2008-05-15
A vulnerability and a weakness have been reported in Citrix
Presentation Server, which can be exploited by malicious users to
bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/30271/
--
[SA30203] Microsoft Windows XP I2O Utility Filter Driver Privilege
Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-05-13
A vulnerability has been reported in Microsoft Windows XP, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30203/
--
[SA30145] Internet Explorer "DisableCachingOfSSLPages" Weakness
Critical: Not critical
Where: Local system
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-05-12
A weakness has been reported in Internet Explorer, which may result in
potentially sensitive information being inadvertently saved on a
system.
Full Advisory:
http://secunia.com/advisories/30145/
UNIX/Linux:--
[SA30253] Fedora update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-15
Fedora has issued an update for clamav. which can be exploited by
malicious people to cause a DoS (Denial of Service), or to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/30253/
--
[SA30220] Debian OpenSSL Predictable Random Number Generator and
Update
Critical: Highly critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-05-13
Debian has issued an update for OpenSSL. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable system,
and a security issue, which can lead to weak cryptographic key
material.
Full Advisory:
http://secunia.com/advisories/30220/
--
[SA30202] SUSE Update for Multiple Packages
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, Privilege escalation, DoS, System access
Released: 2008-05-12
SUSE has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
disclose and manipulate sensitive information, cause a DoS (Denial of
Service), and gain escalated privileges, malicious users to cause a DoS
and compromise a vulnerable system, and malicious people to disclose
potentially sensitive information, conduct cross-site scripting
attacks, cause a DoS, and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30202/
--
[SA30192] Fedora update for thunderbird
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, System access
Released: 2008-05-12
Fedora has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks, or
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30192/
--
[SA30179] Gentoo update for openoffice and openoffice-bin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-05-15
Gentoo has issued an update for openoffice and openoffice-bin. This
fixes some vulnerabilities, which potentially can be exploited by
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30179/
--
[SA30168] Gentoo update for ptex
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Released: 2008-05-13
Gentoo has acknowledged some vulnerabilities in ptex, which can be
exploited by malicious, local users to manipulate certain data and
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30168/
--
[SA30161] Gentoo ltsp Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, Privilege escalation,
DoS, System access
Released: 2008-05-12
Gentoo has acknowledged some vulnerabilities within the ltsp package,
which can be exploited by malicious, local users to disclose
potentially sensitive information, cause a DoS (Denial of Service), and
gain escalated privileges, and by malicious people to cause a DoS or
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30161/
--
[SA30276] Fedora update for kernel
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-15
Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
potentially by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30276/
--
[SA30272] Fedora update for blender
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-15
Fedora has issued an update for blender. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/30272/
--
[SA30269] Cisco Unified Presence SIP Proxy Service Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-15
A vulnerability has been reported in Cisco Unified Presence, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30269/
--
[SA30259] Fedora update for libvorbis
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-15
Fedora has issued an update for libvorbis. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise an application
using the library.
Full Advisory:
http://secunia.com/advisories/30259/
--
[SA30249] Debian update for openssh
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2008-05-14
Debian has issued an update for openssh. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose
potentially sensitive information and a security issue, which can lead
to weak cryptographic key material.
Full Advisory:
http://secunia.com/advisories/30249/
--
[SA30248] Fedora update for rdesktop
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-15
Fedora has issued an update for rdesktop. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30248/
--
[SA30247] Red Hat update for libvorbis
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-14
Red Hat has issued an update for libvorbis. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise an application
using the library.
Full Advisory:
http://secunia.com/advisories/30247/
--
[SA30241] Linux Kernel Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-05-15
Some vulnerabilities have been reported in the Linux kernel, which can
be exploited by malicious, local users to bypass certain security
restrictions and by malicious people to potentially cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/30241/
--
[SA30239] Ubuntu update for openssh
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-14
Ubuntu has issued an update for openssh. This fixes a security issue,
which can lead to weak cryptographic key material.
Full Advisory:
http://secunia.com/advisories/30239/
--
[SA30237] Red Hat update for libvorbis
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-14
Red Hat has issued an update for libvorbis. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise an application
using the library.
Full Advisory:
http://secunia.com/advisories/30237/
--
[SA30231] Ubuntu update for ssl-cert
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-14
Ubuntu has issued an update for ssl-cert. This fixes a security issue,
which can lead to weak cryptographic key material.
Full Advisory:
http://secunia.com/advisories/30231/
--
[SA30221] Ubuntu update for openssl
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-13
Ubuntu has issued an update for openssl. This fixes a security issue,
which can lead to weak cryptographic key material.
Full Advisory:
http://secunia.com/advisories/30221/
--
[SA30219] Gentoo update for chicken
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-14
Gentoo has issued an update for chicken. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30219/
--
[SA30216] XEmacs "fast-lock-mode" File Processing Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-13
A vulnerability has been reported in XEmacs, which can be exploited by
malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30216/
--
[SA30199] GNU Emacs "fast-lock-mode" File Processing Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-13
Morten Welinder has reported a vulnerability in GNU Emacs, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30199/
--
[SA30198] rPath update for kernel
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2008-05-15
rPath has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions and by malicious people to
potentially cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30198/
--
[SA30195] HP-UX ftp Server Unspecified Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-13
A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/30195/
--
[SA30193] Fedora update for sipp
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-12
Fedora has issued an update for sipp. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or to potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30193/
--
[SA30189] Fedora update for zoneminder
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-12
Fedora has issued an update for zoneminder. This fixes some
vulnerabilities, which potentially can be exploited by malicious users
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30189/
--
[SA30188] Fedora update for tkimg
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-12
Fedora has issued an update for tkimg. This fixes a vulnerability,
which can be exploited by malicious people to compromise an application
using the library.
Full Advisory:
http://secunia.com/advisories/30188/
--
[SA30174] Gentoo update for pngcrush
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-05-12
Gentoo has issued an update for pngcrush. This fixes a vulnerability,
which can be exploited by malicious people to disclose potentially
sensitive information or potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30174/
--
[SA30169] Gentoo update for cdf
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-14
Gentoo has issued an update for cdf. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/30169/
--
[SA30163] Gentoo update for inspircd
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-12
Gentoo has issued an update for inspircd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30163/
--
[SA30159] Debian update for rdesktop
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-12
Debian has issued an update for rdesktop. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30159/
--
[SA30158] Debian update for php5
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2008-05-12
Debian has issued an update for php5. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions, malicious users to bypass certain security
restrictions, and malicious people to cause a DoS (Denial of Service)
or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30158/
--
[SA30157] Pngcrush libpng Unknown Chunk Processing Uninitialized Memory
Access
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS, System access
Released: 2008-05-12
A vulnerability has been reported in Pngcrush, which can be exploited
by malicious people to disclose potentially sensitive information or
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/30157/
--
[SA30156] Sarg Multiple Unspecified Buffer Overflows
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2008-05-12
Some vulnerabilities with unknown impacts have been reported in Sarg.
Full Advisory:
http://secunia.com/advisories/30156/
--
[SA30151] Gentoo update for blender
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-13
Gentoo has issued an update for blender. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/30151/
--
[SA30190] Fedora update for cups
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-05-12
Fedora has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30190/
--
[SA30185] Fedora Directory Server Regular Expression Handler Buffer
Overflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-05-12
A vulnerability has been reported in Fedora Directory Server, which can
be exploited by malicious users to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30185/
--
[SA30184] Sun Solaris Print Service Unspecified Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2008-05-12
Some vulnerabilities have been reported in Sun Solaris, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/30184/
--
[SA30181] Red Hat Directory Server Regular Expression Handler Buffer
Overflow
Critical: Moderately critical
Where: From local network
Impact: DoS, System access
Released: 2008-05-12
A vulnerability has been reported in Red Hat Directory Server, which
can be exploited by malicious users to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30181/
--
[SA30162] Gentoo update for firebird
Critical: Moderately critical
Where: From local network
Impact: Security Bypass
Released: 2008-05-12
Gentoo has acknowledged a security issue in firebird, which can be
exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/30162/
--
[SA30236] Fedora update for licq
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-05-14
Fedora has issued an update for licq. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30236/
--
[SA30182] Gentoo update for libid3tag
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-05-15
Gentoo has issued an update for libid3tag. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30182/
--
[SA30173] Fedora update for libid3tag
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2008-05-14
Fedora has issued an update for libid3tag. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30173/
--
[SA30167] Fedora update for bugzilla
Critical: Less critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2008-05-12
Fedora has issued an update for bugzilla. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions or by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30167/
--
[SA30160] Gentoo update for moinmoin
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-12
Gentoo has issued an update for moinmoin. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/30160/
--
[SA30153] Build A Niche Store "q" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-13
Russ McRee has reported a vulnerability in Build A Niche Store (BANS),
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/30153/
--
[SA30240] Cisco Unified Presence Presence Engine Service Two Denial of
Service Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2008-05-15
Two vulnerabilities have been reported in Cisco Unified Presence, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/30240/
--
[SA30187] Net-snmp Perl Module "__snprint_value()" Buffer Overflow
Critical: Less critical
Where: From local network
Impact: DoS, System access
Released: 2008-05-14
A vulnerability has been reported in Net-snmp, which potentially can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30187/
--
[SA30260] Fedora update for kernel
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2008-05-15
Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) or to potentially gain escalated
privileges.
Full Advisory:
http://secunia.com/advisories/30260/
--
[SA30229] Gentoo update for aterm, eterm, rxvt, mrxvt, multi-aterm,
wterm, and rxvt-unicode
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-05-13
Gentoo has issued an update for aterm, eterm, rxvt, mrxvt, multi-aterm,
wterm, and rxvt-unicode. This fixes a security issue, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30229/
--
[SA30227] mrxvt X11 Display Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-05-13
A security issue has been reported in mrxvt, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30227/
--
[SA30226] wterm X11 Display Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-05-13
A security issue has been reported in wterm, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30226/
--
[SA30225] aterm X11 Display Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-05-13
A security issue has been reported in aterm, which can be exploited by
malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30225/
--
[SA30224] rxvt-unicode X11 Display Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2008-05-13
A security issue has been reported in rxvt-unicode, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/30224/
--
[SA30191] Fedora update for audacity
Critical: Less critical
Where: Local system
Impact: Manipulation of data, DoS
Released: 2008-05-12
Fedora has issued an update for audacity. This fixes a security issue,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service) or to delete arbitrary files and directories.
Full Advisory:
http://secunia.com/advisories/30191/
--
[SA30171] UUDeview Insecure Temporary File Creation
Critical: Less critical
Where: Local system
Impact: Manipulation of data
Released: 2008-05-14
Marco d'Itri has reported a vulnerability in UUDeview, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
Full Advisory:
http://secunia.com/advisories/30171/
--
[SA30230] Avaya CMS Solaris SSH X11 Forwarding Vulnerability
Critical: Not critical
Where: Local system
Impact: Exposure of sensitive information, Privilege escalation
Released: 2008-05-14
Avaya has acknowledged a vulnerability in CMS, which can be exploited
by malicious, local users to disclose sensitive information or
potentially perform actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/30230/
--
[SA30164] Debian update for kernel
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2008-05-13
Debian has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/30164/
Other:--
[SA30262] Aruba Mobility Controller Authentication Bypass and
Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting
Released: 2008-05-15
Some vulnerabilities have been reported in Aruba Mobility Controller,
which can be exploited by malicious people to bypass certain security
restrictions or to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30262/
--
[SA30223] Cisco Catalyst Content Switching Module Memory Leak
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-15
A vulnerability has been reported in Cisco Catalyst Content Switching
Module (CSM) and Cisco Catalyst Content Switching Module with SSL
(CSM-S), which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/30223/
--
[SA30175] Citrix Access Gateway Unspecified Authentication Bypass
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-13
A security issue has been reported in Citrix Access Gateway, which can
be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/30175/
--
[SA30142] ZyXEL ZyWALL 100 "Referer" Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-13
Deniz Cevik has reported a vulnerability in ZyXEL ZyWALL 100, which can
be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/30142/
Cross Platform:--
[SA30275] TYPO3 sr_feuser_register Extension Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2008-05-15
Some vulnerabilities have been reported in the sr_feuser_register
extension for TYPO3, which can be exploited by malicious people to
conduct cross-site scripting attacks or compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/30275/
--
[SA30263] LANAI CMS Multiple File Extensions Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2008-05-15
EgiX has discovered a vulnerability in LANAI CMS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30263/
--
[SA30178] Fusebox "FUSEBOX_APPLICATION_PATH" File Inclusion
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-05-15
MajnOoNxHaCkEr has discovered a vulnerability in Fusebox, which can be
exploited by malicious people to disclose sensitive information and to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30178/
--
[SA30154] Cyberfolio "rep" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-05-09
RoMaNcYxHaCkEr has reported a vulnerability in Cyberfolio, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30154/
--
[SA30148] SazCart Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, Exposure of system information,
Exposure of sensitive information, System access
Released: 2008-05-09
Some vulnerabilities have been discovered in SazCart, which can be
exploited by malicious people to conduct SQL injection attacks and to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30148/
--
[SA30268] Freelance Auction Script "pid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-05-15
t0pP8uZz has reported a vulnerability in Freelance Auction Script,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/30268/
--
[SA30267] Feedback and Rating Script "listingid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-05-15
t0pP8uZz has reported a vulnerability in Feedback and Rating Script,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/30267/
--
[SA30266] AustinSmoke GasTracker "gastracker_admin" Security Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2008-05-15
t0pP8uZz has discovered a vulnerability in AustinSmoke GasTracker
(AS-GasTracker), which can be exploited by malicious people to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/30266/
--
[SA30257] Drupal Site Documentation Module Information Disclosure
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2008-05-15
A vulnerability has been reported in the Site Documentation module for
Drupal, which can be exploited by malicious people to disclose
sensitive information.
Full Advisory:
http://secunia.com/advisories/30257/
--
[SA30245] EMO Realty Manager "ida" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
HaCkeR_EgY has reported a vulnerability in EMO Realty Manager, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30245/
--
[SA30244] The Real Estate Script "docID" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
HaCkeR_EgY has reported a vulnerability in The Real Estate Script,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/30244/
--
[SA30243] Automated Link Exchange Portal "cat_id" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
HaCkeR_EgY has reported a vulnerability in Automated Link Exchange
Portal, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/30243/
--
[SA30242] WordNet Multiple Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-14
Some vulnerabilities have been reported in WordNet, which potentially
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/30242/
--
[SA30238] Cisco Unified Communications Manager Multiple Denial of
Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-05-15
Some vulnerabilities have been reported in Cisco Unified Communications
Manager, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/30238/
--
[SA30235] WebGroupCommunicationCenter (WGCC) SQL Injection and
Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2008-05-14
Some vulnerabilities have been reported in WebGroupCommunicationCenter
(WGCC), which can be exploited by malicious users to conduct SQL
injection attacks and malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/30235/
--
[SA30234] libvorbis Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-14
Some vulnerabilities have been reported in libvorbis, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/30234/
--
[SA30232] e107 ZoGo-Shop Plugin "cat" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
Cr@zy_King has discovered a vulnerability in the ZoGo-Shop plugin for
e107, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/30232/
--
[SA30215] AJ Article "artid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-15
t0pP8uZz has reported a vulnerability in AJ Article, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30215/
--
[SA30214] AJ Auction "item_id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
t0pP8uZz has reported a vulnerability in AJ Auction, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30214/
--
[SA30213] AJ Classifieds 2008 "posting_id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-15
t0pP8uZz has reported a vulnerability in AJ Classifieds 2008, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30213/
--
[SA30211] Battle.net Clan Script "showmember" SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-13
Stack-Terrorist has discovered a vulnerability in Battle.net Clan
Script, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/30211/
--
[SA30210] YABSoft Mega File Hosting Script "fid" SQL Injection
Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-13
TurkishWarriorr has reported a vulnerability in YABSoft Mega File
Hosting Script, which can be exploited by malicious people to conduct
SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30210/
--
[SA30209] PHP Classifieds Script "fatherID" SQL Injection
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-15
Cyb3r-1sT has reported some vulnerabilities in PHP Classifieds Script,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/30209/
--
[SA30208] CMS Made Simple Multiple File Extensions Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2008-05-14
EgiX has discovered a vulnerability in CMS Made Simple, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30208/
--
[SA30207] Advanced Image Hosting "t" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-05-14
Stack-Terrorist has reported a vulnerability in Advanced Image Hosting
(AIH), which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/30207/
--
[SA30206] EQdkp "eqdkp_data" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
A vulnerability has been discovered in EQdkp, which can be exploited by
malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30206/
--
[SA30194] PhotoStore Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2008-05-14
Some vulnerabilities have been reported in PhotoStore, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30194/
--
[SA30186] CaLogic "langsel" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
His0k4 has reported a vulnerability in CaLogic, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30186/
--
[SA30183] BIGACE Web CMS Multiple File Inclusion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2008-05-13
BiNgZa has discovered some vulnerabilities in BIGACE Web CMS, which can
be exploited by malicious people to disclose sensitive information and
to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30183/
--
[SA30180] AJ E-Commerce "cid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-14
t0pP8uZz has reported a vulnerability in AJ E-Commerce, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30180/
--
[SA30170] Admidio "file" Information Disclosure
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2008-05-14
n3v3rh00d has reported a vulnerability in Admidio, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/30170/
--
[SA30165] BlogPHP Script Insertion and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-13
David Sopas Ferreira has discovered two vulnerabilities in BlogPHP,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.
Full Advisory:
http://secunia.com/advisories/30165/
--
[SA30155] Chicken PCRE Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-05-14
A vulnerability been reported in Chicken, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/30155/
--
[SA30144] vShare YouTube Clone "tid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-09
Saime has reported a vulnerability in vShare YouTube Clone, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/30144/
--
[SA30270] Mantis Cross-Site Request Forgery Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-15
thraxisp has reported a vulnerability in Mantis, which can be exploited
by malicious people to conduct cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/30270/
--
[SA30250] Django Login Form Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-14
A vulnerability has been reported in Django, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30250/
--
[SA30218] TYPO3 rlmp_eventdb Extension Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-13
A vulnerability has been reported in the rlmp_eventdb extension for
TYPO3, which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/30218/
--
[SA30217] TYPO3 wt_gallery Extension Multiple Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released: 2008-05-13
Some vulnerabilities have been reported in the wt_gallery extension for
TYPO3, which can be exploited by malicious people to disclose sensitive
information or conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30217/
--
[SA30205] ActualAnalyzer "language" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-13
David Vieira-Kurz has reported a vulnerability in ActualAnalyzer, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/30205/
--
[SA30204] IBM Lotus Quickr WYSIWYG Editors Unspecified Cross-Site
Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-13
A vulnerability has been reported in IBM Lotus Quickr, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30204/
--
[SA30200] RakNet Autopatcher Server Unspecified SQL Injection
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Released: 2008-05-13
Some vulnerabilities have been reported in RakNet, which can
potentially be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/30200/
--
[SA30166] cPanel Cross-Site Scripting and Request Forgery
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-13
Matteo Carli has reported some vulnerabilities in cPanel, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.
Full Advisory:
http://secunia.com/advisories/30166/
--
[SA30152] phpVID "query" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2008-05-15
Russ McRee has reported a vulnerability in phpVID, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/30152/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support () secunia com
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
_______________________________________________
Attend Black Hat USA, August 2-7 in Las Vegas,
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.
Visit product displays by 30 top sponsors in
a relaxed setting. http://www.blackhat.com
Current thread:
- Secunia Weekly Summary - Issue: 2008-20 InfoSec News (May 16)