========================================================================

                  The Secunia Weekly Advisory Summary
                        2005-05-12 - 2005-05-19

                       This week : 57 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Colin Percival has reported a vulnerability in various operating
systems supporting Intel's Hyper-Threading Technology (HTT), which can
be exploited by malicious, local users to gain knowledge of sensitive
information.

More information can be found in referenced Secunia advisories below.

Reference:
http://secunia.com/SA15348
http://secunia.com/SA15342

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.
========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA15292] Mozilla Firefox Two Vulnerabilities
2.  [SA12979] Mozilla Firefox Download Dialog Spoofing Vulnerabilities
3.  [SA15310] iTunes MPEG-4 File Parsing Buffer Overflow Vulnerability
4.  [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
              Vulnerability
5.  [SA15348] FreeBSD Hyper-Threading Support Information Disclosure
6.  [SA15341] Linux Kernel ELF Core Dump Privilege Escalation
              Vulnerability
7.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
8.  [SA15340] EnCase Device Configuration Overlay Data Acquisition
              Weakness
9.  [SA15017] Microsoft Windows Explorer Web View Script Insertion
              Vulnerability
10. [SA15327] phpBB Attachment Mod Module Unspecified Realname
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA15397] DotNetNuke Script Insertion Vulnerabilities
[SA15379] Sigma ISP Manager SQL Injection Vulnerabilities
[SA15363] War Times Nickname Handling Denial of Service Vulnerability
[SA15362] ImageGallery system Exposure of User Credentials
[SA15394] Fastream NETFile FTP/Web Server FTP Bounce Vulnerability
[SA15374] Ultimate Forum Exposure of Encrypted User Credentials
[SA15373] GA's Guest Book Exposure of Sensitive Information

UNIX/Linux:
[SA15407] Red Hat update for kdelibs
[SA15387] Pico Server Multiple Vulnerabilities
[SA15376] Gentoo update for Mozilla / Mozilla Firefox
[SA15370] Conectiva update for kde
[SA15367] Mandriva update for mozilla
[SA15358] Mandriva update for kdelibs
[SA15357] Mandriva update for gaim
[SA15350] Red Hat update for openmotif
[SA15408] Red Hat update for cyrus-imapd
[SA15399] iControl Services Manager Multiple Vulnerabilities
[SA15398] SCO OpenServer update for telnet
[SA15389] Slackware update for mozilla
[SA15388] ignitionServer Access Entry Deletion and Channel Locking
Vulnerabilities
[SA15381] Fedora update for squid
[SA15359] Mandriva update for gnutls
[SA15351] Ubuntu update for gnutls
[SA15380] Trustix update for postgresql
[SA15375] Gentoo update for postgresql
[SA15404] Gentoo update for freeradius
[SA15403] Ubuntu update for nasm
[SA15390] Slackware update for ncftp
[SA15378] Gentoo update for phpBB
[SA15364] Slackware update for gaim
[SA15361] FreeRADIUS Potential SQL Injection and Buffer Overflow
Vulnerabilities
[SA15356] Mandriva update for tcpdump
[SA15352] NASM "ieee_putascii()" Buffer Overflow Vulnerability
[SA15383] Trustix update for squid
[SA15406] Red Hat update for ncpfs
[SA15392] Linux Kernel pktcdvd and raw device Block Device
Vulnerabilities
[SA15386] Cheetah Insecure Module Importing Vulnerability
[SA15384] Avaya CMS/IR Network Port Hijacking Vulnerability
[SA15382] Trustix update for kernel
[SA15366] Avaya CMS/IR Xsun and Xprt Server Font Handling
Vulnerabilities
[SA15365] IBM HTTP Server "mod_include" Vulnerability
[SA15354] cdrdao Unspecified Privilege Escalation Vulnerability
[SA15348] FreeBSD Hyper-Threading Support Information Disclosure

Other:
[SA15349] Cisco Firewall Services Module TCP Packet URL Filtering
Bypass

Cross Platform:
[SA15410] eDMS Multiple Unspecified Vulnerabilities
[SA15405] Serendipity File Upload and Cross-Site Scripting
Vulnerabilities
[SA15401] Help Center Live Multiple Vulnerabilities
[SA15396] Woltlab Burning Board JGS-Portal SQL Injection
Vulnerabilities
[SA15395] Woltlab Burning Board "email" SQL Injection Vulnerability
[SA15391] PostNuke "func" Local File Inclusion Vulnerability
[SA15385] NPDS Cross-Site Scripting and SQL Injection Vulnerabilities
[SA15377] Skull-Splitter's PHP Guestbook Script Insertion Vulnerability
[SA15371] SafeHTML "_writeAttrs()" Quote Handling Security Bypass
[SA15360] Kerio MailServer Two Denial of Service Vulnerabilities
[SA15355] Bug Report Script Insertion Vulnerability
[SA15353] Direct Topics Script Insertion and SQL Injection
[SA15400] Shop-Script FREE "categoryID" and "productID" SQL Injection

========================================================================
5) Vulnerabilities Content Listing

Windows:

 --

[SA15397] DotNetNuke Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-17

Mark Woan has reported some vulnerabilities in DotNetNuke, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/15397/

 --

[SA15379] Sigma ISP Manager SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-17

last samurai has reported some vulnerabilities in Sigma ISP Manager,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15379/

 --

[SA15363] War Times Nickname Handling Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-05-17

Luigi Auriemma has reported a vulnerability in War Times, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15363/

 --

[SA15362] ImageGallery system Exposure of User Credentials

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-05-17

g0rellazz G0r has reported a security issue in ImageGallery system,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/15362/

 --

[SA15394] Fastream NETFile FTP/Web Server FTP Bounce Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-05-17

Tan Chew Keong has reported a vulnerability in Fastream NETFile FTP/Web
Server, which potentially can be exploited by malicious users to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/15394/

 --

[SA15374] Ultimate Forum Exposure of Encrypted User Credentials

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-05-17

eric basher has reported a security issue in Ultimate Forum, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15374/

 --

[SA15373] GA's Guest Book Exposure of Sensitive Information

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-05-17

eric basher has reported a security issue in GA's Guest Book, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15373/


UNIX/Linux:

 --

[SA15407] Red Hat update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-18

Red Hat has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15407/

 --

[SA15387] Pico Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2005-05-17

RedTeam has reported some vulnerabilities in Pico Server, which can be
exploited by malicious, local users to gain knowledge of sensitive
information, or by malicious people to gain knowledge of potentially
sensitive information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15387/

 --

[SA15376] Gentoo update for Mozilla / Mozilla Firefox

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2005-05-16

Gentoo has issued an update for Mozilla / Mozilla Firefox. This fixes
two vulnerabilities, which can be exploited by malicious people to
conduct cross-site scripting attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/15376/

 --

[SA15370] Conectiva update for kde

Critical:    Highly critical
Where:       From remote
Impact:      Spoofing, Privilege escalation, DoS, System access
Released:    2005-05-17

Conectiva has issued an update for kde. This fixes multiple
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service), gain escalated privileges, spoof the URL displayed in the
address bar and status bar, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15370/

 --

[SA15367] Mandriva update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
             data, Exposure of sensitive information, System access
Released:    2005-05-16

Mandriva has issued updates for mozilla. These fix some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions,
gain knowledge of potentially sensitive information and compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/15367/

 --

[SA15358] Mandriva update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-13

Mandriva has issued an update for kdelibs. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15358/

 --

[SA15357] Mandriva update for gaim

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-13

Mandriva has issued an update for gaim. This fixes a vulnerability and
a weakness, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15357/

 --

[SA15350] Red Hat update for openmotif

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-05-12

Red Hat has issued an update for openmotif.
This fixes a vulnerability, which potentially can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15350/

 --

[SA15408] Red Hat update for cyrus-imapd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-18

Red Hat has issued an update for cyrus-imapd. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15408/

 --

[SA15399] iControl Services Manager Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-05-18

F5 Networks have acknowledged multiple vulnerabilities in iControl
Services Manager, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) or malicious people to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15399/

 --

[SA15398] SCO OpenServer update for telnet

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-05-18

SCO has issued an update for telnet. This fixes two vulnerabilities,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15398/

 --

[SA15389] Slackware update for mozilla

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-16

Slackware has issued an update for mozilla. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/15389/

 --

[SA15388] ignitionServer Access Entry Deletion and Channel Locking
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2005-05-17

Two vulnerabilities have been reported in ignitionServer, which can be
exploited by malicious users to delete access entries or prevent
protected operators from accessing certain channels.

Full Advisory:
http://secunia.com/advisories/15388/

 --

[SA15381] Fedora update for squid

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Manipulation of data
Released:    2005-05-18

Fedora has issued an update for squid. This fixes some vulnerabilities,
which can be exploited by malicious people to spoof DNS lookups and
poison the web proxy cache.

Full Advisory:
http://secunia.com/advisories/15381/

 --

[SA15359] Mandriva update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-05-13

Mandriva has issued an update for gnutls. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/15359/

 --

[SA15351] Ubuntu update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-05-13

Ubuntu has issued an update for gnutls. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/15351/

 --

[SA15380] Trustix update for postgresql

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown, Privilege escalation, DoS
Released:    2005-05-16

Trustix has released an update for postgresql. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or potentially gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/15380/

 --

[SA15375] Gentoo update for postgresql

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, Privilege escalation, Unknown
Released:    2005-05-16

Gentoo has released an update for postgresql. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15375/

 --

[SA15404] Gentoo update for freeradius

Critical:    Less critical
Where:       From remote
Impact:      Unknown, Manipulation of data
Released:    2005-05-18

Gentoo has issued an update for freeradius. This fixes some
vulnerabilities, where one has an unknown impact and the others
potentially can be exploited to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15404/

 --

[SA15403] Ubuntu update for nasm

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-05-18

Ubuntu has issued an update for nasm. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15403/

 --

[SA15390] Slackware update for ncftp

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-05-16

Slackware has issued an update for ncftp. This fixes an old
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15390/

 --

[SA15378] Gentoo update for phpBB

Critical:    Less critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting
Released:    2005-05-16

Gentoo has issued an update for phpBB. This fixes a vulnerability,
which can be exploited to conduct cross-site scripting or script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/15378/

 --

[SA15364] Slackware update for gaim

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-16

Slackware has issued an update for gaim.
This fixes two weaknesses, which can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15364/

 --

[SA15361] FreeRADIUS Potential SQL Injection and Buffer Overflow
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Unknown, Manipulation of data
Released:    2005-05-18

Primoz Bratanic has reported some vulnerabilities in FreeRADIUS, where
one has an unknown impact and the others potentially can be exploited
by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15361/

 --

[SA15356] Mandriva update for tcpdump

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-05-13

Mandriva has issued an update for tcpdump. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15356/

 --

[SA15352] NASM "ieee_putascii()" Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-05-18

Jindrich Novy has reported a vulnerability in NASM, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15352/

 --

[SA15383] Trustix update for squid

Critical:    Less critical
Where:       From local network
Impact:      Spoofing
Released:    2005-05-16

Trustix has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to spoof DNS lookups.

Full Advisory:
http://secunia.com/advisories/15383/

 --

[SA15406] Red Hat update for ncpfs

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-18

Red Hat has issued an update for ncpfs. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/15406/

 --

[SA15392] Linux Kernel pktcdvd and raw device Block Device
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-17

alert7 has reported two vulnerabilities in the Linux kernel, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15392/

 --

[SA15386] Cheetah Insecure Module Importing Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-17

Brian Bird has reported a vulnerability in Cheetah, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15386/

 --

[SA15384] Avaya CMS/IR Network Port Hijacking Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Hijacking
Released:    2005-05-16

Avaya has acknowledged some vulnerabilities in Avaya Call Management
System (CMS) and Avaya Interactive Response (IR), which can be
exploited by malicious, local users to hijack network ports.

Full Advisory:
http://secunia.com/advisories/15384/

 --

[SA15382] Trustix update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-16

Trustix has issued an update for kernel. This can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15382/

 --

[SA15366] Avaya CMS/IR Xsun and Xprt Server Font Handling
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-16

Avaya has acknowledged some vulnerabilities in Avaya Call Management
System (CMS) and Avaya Interactive Response (IR), which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/15366/

 --

[SA15365] IBM HTTP Server "mod_include" Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2005-05-17

IBM has acknowledged a vulnerability in IBM HTTP Server, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
or potentially gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15365/

 --

[SA15354] cdrdao Unspecified Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-05-13

A vulnerability has been reported in cdrdao, which potentially can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15354/

 --

[SA15348] FreeBSD Hyper-Threading Support Information Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-05-13

Colin Percival has reported a vulnerability in FreeBSD, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/15348/


Other:

 --

[SA15349] Cisco Firewall Services Module TCP Packet URL Filtering
Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-05-12

A security issue has been reported in Cisco Firewall Services Module
(FWSM), which can result in certain traffic bypassing configured ACLs.

Full Advisory:
http://secunia.com/advisories/15349/


Cross Platform:

 --

[SA15410] eDMS Multiple Unspecified Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2005-05-18

Some vulnerabilities with unknown impacts have been reported in eDMS.
Full Advisory:
http://secunia.com/advisories/15410/

 --

[SA15405] Serendipity File Upload and Cross-Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2005-05-18

Some vulnerabilities have been reported in Serendipity, which can be
exploited by malicious people to bypass certain security restrictions
and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15405/

 --

[SA15401] Help Center Live Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-05-18

James Bercegay has reported some vulnerabilities in Help Center Live,
which can be exploited by malicious people to conduct cross-site
scripting, script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15401/

 --

[SA15396] Woltlab Burning Board JGS-Portal SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-17

deluxe89 and the Security-Project Team have reported some
vulnerabilities in the JGS-Portal module for Woltlab Burning Board,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15396/

 --

[SA15395] Woltlab Burning Board "email" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-17

James Bercegay has reported a vulnerability in Woltlab Burning Board,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15395/

 --

[SA15391] PostNuke "func" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-05-17

pokleyzz has reported a vulnerability in PostNuke, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/15391/

 --

[SA15385] NPDS Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-05-18

Some vulnerabilities have been reported in NPDS, which can be exploited
by malicious people to conduct cross-site scripting and SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15385/

 --

[SA15377] Skull-Splitter's PHP Guestbook Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-17

Morinex Eneco has reported a vulnerability in Skull-Splitter's PHP
Guestbook, which can be exploited by malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/15377/

 --

[SA15371] SafeHTML "_writeAttrs()" Quote Handling Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-05-17

A vulnerability has been reported in SafeHTML, which potentially can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15371/

 --

[SA15360] Kerio MailServer Two Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-05-13

Two vulnerabilities have been reported in Kerio MailServer, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/15360/

 --

[SA15355] Bug Report Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-05-17

Sylvain Thual has reported a vulnerability in Bug Report, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/15355/

 --

[SA15353] Direct Topics Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-05-13

Morinex Eneco has reported two vulnerabilities in Direct Topics, which
can be exploited by malicious people to conduct script insertion and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15353/

 --

[SA15400] Shop-Script FREE "categoryID" and "productID" SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-05-18

Censored has reported a vulnerability in Shop-Script FREE, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15400/

========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45