[ISN] Secunia Weekly Summary - Issue: 2005-16

From: InfoSec News (isn@private)
Date: Mon Apr 25 2005 - 22:48:29 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-04-14 - 2005-04-21                        

                       This week : 63 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Want a new IT Security job?

Vacant positions at Secunia:
http://secunia.com/secunia_vacancies/

========================================================================
2) This Week in Brief:

GreyMagic Security has reported a vulnerability in Windows 2000, which
can be exploited by malicious people to compromise a user's system.

No patch is available from the vendor. However, an alternate workaround
is described in the referenced Secunia advisory below.

Reference:
http://secunia.com/SA15017

--

The Mozilla Foundation has released new versions of Mozilla and Mozilla
Firefox, correcting several new vulnerabilities including the
"JavaScript Arbitrary Memory Exposure" vulnerability disclosed on
the 4th April.

View the Secunia advisories below for additional details.

References:
http://secunia.com/SA14820
http://secunia.com/SA14938
http://secunia.com/SA14992

--

Piotr Bania has reported a vulnerability in Realplayer and RealOne,
which can be exploited by malicious people to compromise a user's
system.

Users are advised to check for available updates.

Reference:
http://secunia.com/SA15023

--

Apple has issued an update for Mac OS X, which fixes various
vulnerabilities.

Please refer to Secunia advisory below for details.

Reference:
http://secunia.com/SA14974


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA14938] Mozilla Firefox Multiple Vulnerabilities
2.  [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
              Vulnerability
3.  [SA14896] Microsoft Jet Database Engine Database File Parsing
              Vulnerability
4.  [SA12959] Internet Explorer HTML Elements Buffer Overflow
              Vulnerability
5.  [SA14992] Mozilla Multiple Vulnerabilities
6.  [SA14879] Lotus Notes/Domino Multiple Vulnerabilities
7.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
8.  [SA14821] Mozilla Suite JavaScript Engine Information Disclosure
              Vulnerability
9.  [SA14962] IBM WebSphere Application Server JSP Source Exposure
10. [SA15017] Microsoft Windows Explorer Web View Script Insertion
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA15000] Simple Web Server Request Handling Buffer Overflow
[SA14967] Yager Buffer Overflow and Denial of Service Vulnerabilities
[SA15026] Ocean12 Calendar Manager Pro SQL Injection Vulnerability
[SA15017] Microsoft Windows Explorer Web View Script Insertion
Vulnerability
[SA14999] WebcamXP Chat Name Script Insertion Vulnerability
[SA14996] Netscape Two Vulnerabilities
[SA14969] OneWorldStore Multiple Vulnerabilities
[SA14989] McAfee Internet Security Suite 2005 Insecure File
Permissions

UNIX/Linux:
[SA15043] Fedora update for HelixPlayer
[SA15028] SUSE update for realplayer
[SA15018] Gentoo update for mplayer
[SA15014] MPlayer RTSP and MMST Streams Buffer Overflow
Vulnerabilities
[SA15005] Fedora update for php
[SA15002] Gentoo update for mozilla/firefox
[SA14995] SUSE update for OpenOffice_org
[SA14988] Mandrake update for php
[SA14984] Gentoo update for monkeyd
[SA14983] Gentoo update for openoffice
[SA14975] Gentoo update for php
[SA15042] Fedora update for cvs
[SA15019] Red Hat update for kernel
[SA15012] Fedora update for curl
[SA15003] SUSE update for cvs
[SA14998] Gentoo update for xv
[SA14994] Gentoo update for cvs
[SA14991] Debian update for libexif
[SA14987] SUSE Updates for Multiple Packages
[SA14986] Debian update for php3
[SA14985] OmniWeb Local Domain Arbitrary Code Execution Vulnerability
[SA14977] xv Multiple Vulnerabilities
[SA14976] CVS Buffer Overflow and Denial of Service Vulnerabilities
[SA14974] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA14973] SUSE update for php4/php5
[SA14966] SGI Advanced Linux Environment Multiple Updates
[SA15021] Red Hat update for xloadimage
[SA15007] Fedora update for htdig
[SA15006] Fedora update for nasm
[SA15001] Debian update for gtkhtml
[SA14997] Debian info2www Cross-Site Scripting Vulnerability
[SA14978] libsafe Race Condition Protection Mechanism Bypass
[SA15016] SUSE update for postgresql
[SA14970] OS/400 Incoming Remote Command Service Denial of Service
[SA15022] Debian geneweb Arbitrary File Manipulation Vulnerability
[SA15020] Red Hat logwatch secure Script Parsing Error Denial of
Service
[SA14981] Sun Solaris Network Port Hijacking Vulnerability
[SA14979] Solaris Xsun and Xprt Server Font Handling Vulnerabilities
[SA14971] Solaris Unspecified Generic Security Services Library
Vulnerability
[SA14968] Fedora update for sharutils

Other:


Cross Platform:
[SA15023] Realplayer/RealOne RAM File Processing Buffer Overflow
Vulnerability
[SA15013] AZ Bulletin Board Multiple Vulnerabilities
[SA14992] Mozilla Multiple Vulnerabilities
[SA14972] All4WWW-Homepagecreator "site" File Inclusion Vulnerability
[SA15029] phpBB phpbb-Auction Module SQL Injection Vulnerabilities
[SA15024] UBB.threads "main" SQL Injection Vulnerability
[SA15004] Coppermine Photo Gallery Cross-Site Scripting and SQL
Injection
[SA14982] eGroupWare Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA14980] myBloggie Comment Script Insertion Vulnerability
[SA15027] PHP Labs proFile "dir" and "file" Cross-Site Scripting
[SA15015] Knusperleicht Shoutbox Exposure of Sensitive Information
[SA15011] CityPost Image Editor Cross-Site Scripting Vulnerabilities
[SA15010] CityPost Simple PHP Upload "message" Cross-Site Scripting
[SA15009] CityPost Automated Link Exchange "msg" Cross-Site Scripting
[SA14965] PHP-Nuke "forwarder" Parameter HTTP Response Splitting

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA15000] Simple Web Server Request Handling Buffer Overflow

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2005-04-19

Michael Thumann has reported a vulnerability in PMSoftware Simple Web
Server, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15000/

 --

[SA14967] Yager Buffer Overflow and Denial of Service Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-15

Luigi Auriemma has reported some vulnerabilities in Yager, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14967/

 --

[SA15026] Ocean12 Calendar Manager Pro SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-04-20

Zinho has reported a vulnerability in Ocean12 Calendar Manager Pro,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15026/

 --

[SA15017] Microsoft Windows Explorer Web View Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-20

GreyMagic has discovered a vulnerability in Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15017/

 --

[SA14999] WebcamXP Chat Name Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-19

Donnie Werner has discovered a vulnerability in WebcamXP, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/14999/

 --

[SA14996] Netscape Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2005-04-19

Some vulnerabilities have been reported in Netscape, which potentially
can be exploited by malicious people to conduct cross-site scripting
attacks and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/14996/

 --

[SA14969] OneWorldStore Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-04-15

Some vulnerabilities have been reported in OneWorldStore, which can be
exploited by malicious people to conduct cross-site scripting, script
insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14969/

 --

[SA14989] McAfee Internet Security Suite 2005 Insecure File
Permissions

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Privilege escalation
Released:    2005-04-19

A security issue has been reported in McAfee Internet Security Suite
2005, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/14989/


UNIX/Linux:--

[SA15043] Fedora update for HelixPlayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-21

Fedora has issued an update for HelixPlayer. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/15043/

 --

[SA15028] SUSE update for realplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-20

SUSE has issued an update for realplayer. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15028/

 --

[SA15018] Gentoo update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-20

Gentoo has issued an update for mplayer. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15018/

 --

[SA15014] MPlayer RTSP and MMST Streams Buffer Overflow
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-20

Two vulnerabilities have been reported in MPlayer, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15014/

 --

[SA15005] Fedora update for php

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-19

Fedora has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15005/

 --

[SA15002] Gentoo update for mozilla/firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information, System access
Released:    2005-04-19

Gentoo has issued updates for mozilla and firefox. These fix some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
gain knowledge of potentially sensitive information, and compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/15002/

 --

[SA14995] SUSE update for OpenOffice_org

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-19

SUSE has issued an update for OpenOffice_org. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/14995/

 --

[SA14988] Mandrake update for php

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-19

MandrakeSoft has issued an update for php. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/14988/

 --

[SA14984] Gentoo update for monkeyd

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-18

Gentoo has issued an update for monkeyd. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14984/

 --

[SA14983] Gentoo update for openoffice

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-18

Gentoo has issued updates for openoffice. These fix a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/14983/

 --

[SA14975] Gentoo update for php

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-18

Gentoo has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14975/

 --

[SA15042] Fedora update for cvs

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS, Unknown
Released:    2005-04-21

Fedora has issued an update for cvs. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15042/

 --

[SA15019] Red Hat update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS, System access, Hijacking
Released:    2005-04-20

Red Hat has issued an update for the kernel. This fixes multiple
vulnerabilities, which can be exploited to gain knowledge of various
information, gain escalated privileges, hijack other users terminal
sessions, or cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15019/

 --

[SA15012] Fedora update for curl

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-21

Fedora has issued an update for curl. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15012/

 --

[SA15003] SUSE update for cvs

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-19

SUSE has issued an update for cvs. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15003/

 --

[SA14998] Gentoo update for xv

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-19

Gentoo has issued an update for xv. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/14998/

 --

[SA14994] Gentoo update for cvs

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2005-04-19

Gentoo has issued an update for cvs. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14994/

 --

[SA14991] Debian update for libexif

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-18

Debian has issued an update for libexif. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14991/

 --

[SA14987] SUSE Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, Manipulation of data, DoS,
System access
Released:    2005-04-18

SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), conduct cross-site scripting attacks, poison
the DNS cache, or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14987/

 --

[SA14986] Debian update for php3

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-04-18

Debian has issued an update for php3. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/14986/

 --

[SA14985] OmniWeb Local Domain Arbitrary Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-04-19

David Remahl has reported a vulnerability in OmniWeb, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/14985/

 --

[SA14977] xv Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-04-19

Tavis Ormandy has reported some vulnerabilities in xv, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/14977/

 --

[SA14976] CVS Buffer Overflow and Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2005-04-19

Multiple vulnerabilities have been reported in CVS, where one has an
unknown impact and others which potentially can be exploited by
malicious people to cause a DoS (Denial of Service) and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/14976/

 --

[SA14974] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS, System access
Released:    2005-04-18

Apple has issued an update for Mac OS X, which fixes various
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/14974/

 --

[SA14973] SUSE update for php4/php5

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-04-15

SUSE has issued updates for php4 and php5. These fix two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14973/

 --

[SA14966] SGI Advanced Linux Environment Multiple Updates

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-04-15

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited by malicious, local
users to cause a DoS (Denial of Service) and by malicious people to
crash certain applications on a vulnerable system and compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/14966/

 --

[SA15021] Red Hat update for xloadimage

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-04-20

Red Hat has issued an update for xloadimage. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15021/

 --

[SA15007] Fedora update for htdig

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-20

Fedora has issued an update for htdig. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/15007/

 --

[SA15006] Fedora update for nasm

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-04-19

Fedora has issued an update for nasm. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15006/

 --

[SA15001] Debian update for gtkhtml

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-04-19

Debian has issued an update for gtkhtml. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) on certain applications using it (eg. Evolution).

Full Advisory:
http://secunia.com/advisories/15001/

 --

[SA14997] Debian info2www Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-19

Debian has issued an update for info2www. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/14997/

 --

[SA14978] libsafe Race Condition Protection Mechanism Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-04-18

"Overflow.pl" has discovered a security issue in libsafe, which can be
exploited by malicious people to bypass the security mechanism.

Full Advisory:
http://secunia.com/advisories/14978/

 --

[SA15016] SUSE update for postgresql

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation
Released:    2005-04-20

SUSE has issued an update for postgresql. This fixes some
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15016/

 --

[SA14970] OS/400 Incoming Remote Command Service Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-04-18

A vulnerability has been reported in OS/400, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/14970/

 --

[SA15022] Debian geneweb Arbitrary File Manipulation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2005-04-20

Debian has issued an update for geneweb. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15022/

 --

[SA15020] Red Hat logwatch secure Script Parsing Error Denial of
Service

Critical:    Less critical
Where:       Local system
Impact:      DoS
Released:    2005-04-20

Red Hat has issued an update for logwatch. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/15020/

 --

[SA14981] Sun Solaris Network Port Hijacking Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Hijacking
Released:    2005-04-19

A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to hijack network ports.

Full Advisory:
http://secunia.com/advisories/14981/

 --

[SA14979] Solaris Xsun and Xprt Server Font Handling Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-04-19

Sun Microsystems has acknowledged some vulnerabilities in Solaris,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/14979/

 --

[SA14971] Solaris Unspecified Generic Security Services Library
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-04-15

A vulnerability has been reported in Solaris, which potentially can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/14971/

 --

[SA14968] Fedora update for sharutils

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-04-15

Fedora has issued an update for sharutils. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to conduct
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/14968/


Other:


Cross Platform:--

[SA15023] Realplayer/RealOne RAM File Processing Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-20

Piotr Bania has reported a vulnerability in Realplayer and RealOne,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15023/

 --

[SA15013] AZ Bulletin Board Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
System access
Released:    2005-04-20

James Bercegay has reported some vulnerabilities in AZ Bulletin Board,
which can be exploited by malicious users to delete arbitrary files,
and by malicious people to determine the existence of local files or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15013/

 --

[SA14992] Mozilla Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2005-04-18

Multiple vulnerabilities have been reported in Mozilla Suite, which can
be exploited by malicious people to conduct cross-site scripting
attacks, bypass certain security restrictions, and compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/14992/

 --

[SA14972] All4WWW-Homepagecreator "site" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-04-15

Francisco Alisson has reported a vulnerability in
All4WWW-Homepagecreator, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/14972/

 --

[SA15029] phpBB phpbb-Auction Module SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-04-20

sNKenjoi has reported two vulnerabilities in the phpbb-Auction module
for phpBB, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/15029/

 --

[SA15024] UBB.threads "main" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-04-20

Axl has reported a vulnerability in UBB.threads, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15024/

 --

[SA15004] Coppermine Photo Gallery Cross-Site Scripting and SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-04-19

Two vulnerabilities have been reported in Coppermine Photo Gallery,
which can be exploited by malicious users to conduct script insertion
attacks and by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15004/

 --

[SA14982] eGroupWare Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-04-18

James Bercegay has reported some vulnerabilities in eGroupWare, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/14982/

 --

[SA14980] myBloggie Comment Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-18

Francisco Alisson has discovered a vulnerability in myBloggie, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/14980/

 --

[SA15027] PHP Labs proFile "dir" and "file" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-20

sNKenjoi has reported two vulnerabilities in PHP Labs proFile, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/15027/

 --

[SA15015] Knusperleicht Shoutbox Exposure of Sensitive Information

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-04-20

CorryL has reported a security issue in Knusperleicht Shoutbox, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15015/

 --

[SA15011] CityPost Image Editor Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-19

sNKenjoi has reported some vulnerabilities in Image Editor, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/15011/

 --

[SA15010] CityPost Simple PHP Upload "message" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-19

sNKenjoi has reported a vulnerability in Simple PHP Upload, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/15010/

 --

[SA15009] CityPost Automated Link Exchange "msg" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-19

sNKenjoi has reported a vulnerability in Automated Link Exchange, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/15009/

 --

[SA14965] PHP-Nuke "forwarder" Parameter HTTP Response Splitting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-04-18

Diabolic Crab has reported a vulnerability in PHP-Nuke, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/14965/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

========================================================================




_________________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Tue Apr 26 2005 - 01:21:31 PDT