[ISN] Secunia Weekly Summary - Issue: 2005-23

From: InfoSec News (isn@private)
Date: Mon Jun 13 2005 - 01:03:07 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-06-02 - 2005-06-09                        

                       This week : 52 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

The Mozilla Foundation has reintroduced the 7 year old "Frame
Injection" vulnerability in Mozilla, FireFox, and Camino.

More details, including a demonstration of the vulnerability can be
found in the referenced Secunia advisories below.

Reference:
http://secunia.com/SA15601
http://secunia.com/SA15602


VIRUS ALERTS:

During the last week, Secunia issued 2 MEDIUM RISK virus alerts.
Please refer to the grouped virus profiles below for more information:

TROJ_SMALL.AHE - MEDIUM RISK Virus Alert - 2005-06-03 11:58 GMT+1
http://secunia.com/virus_information/18574/trojsmall.ahe/

BOBAX.P - MEDIUM RISK Virus Alert - 2005-06-03 11:55 GMT+1
http://secunia.com/virus_information/18542/bobax.p/

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
2.  [SA11978] Multiple Browsers Frame Injection Vulnerability
3.  [SA11966] Internet Explorer Frame Injection Vulnerability
4.  [SA15602] Camino Frame Injection Vulnerability
5.  [SA15605] Windows Remote Desktop Protocol Private Key Disclosure
6.  [SA14820] Mozilla Firefox JavaScript Engine Information Disclosure
              Vulnerability
7.  [SA15292] Mozilla Firefox Two Vulnerabilities
8.  [SA15598] WebSphere Application Server Administrative Console
              Buffer Overflow
9.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
10. [SA15546] Microsoft Internet Explorer "window()" Denial of Service
              Weakness

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA15623] GoodTech SMTP Server "RCPT TO" Denial of Service
Vulnerability
[SA15595] WWWeb Concepts Events System "password" SQL Injection
[SA15593] Liberum Help Desk "id" SQL Injection Vulnerability
[SA15592] LiteWeb Protected File Access Vulnerability
[SA15585] Crob FTP Server Buffer Overflow Vulnerabilities
[SA15605] Windows Remote Desktop Protocol Private Key Disclosure
[SA15618] Kaspersky Anti-Virus "klif.sys" Privilege Escalation
Vulnerability

UNIX/Linux:
[SA15637] Red Hat update for xorg-x11
[SA15629] SUSE Updates for Multiple Packages
[SA15628] Conectiva update for gaim
[SA15625] SGI Advanced Linux Environment Multiple Updates
[SA15616] Conectiva update for ethereal
[SA15610] Debian update for mailutils
[SA15582] tattle "getemails()" Shell Command Injection Vulnerability
[SA15579] Conectiva update for php4
[SA15617] Conectiva update for krb5
[SA15611] Gentoo update for wordpress
[SA15609] Sun ONE Application Server Unspecified File Disclosure
[SA15607] Gentoo update for mailutils
[SA15602] Camino Frame Injection Vulnerability
[SA15588] GNU Mailutils "sql_escape_string()" SQL Injection
Vulnerability
[SA15587] Avaya Various Products Kernel Vulnerabilities
[SA15624] Avaya CMS FTP Daemon Wildcard Denial of Service
[SA15620] UnixWare update for wu-ftp
[SA15614] Gentoo update for dzip
[SA15578] Conectiva update for gftp
[SA15621] UnixWare update for mysql
[SA15619] SGI IRIX rpc.mountd "read-mostly" Exports Read/Write Access
[SA15640] Red Hat update for kernel
[SA15638] Red Hat update for dbus
[SA15622] Mandriva update for a2ps
[SA15615] Backup Manager Exposure of Archive Repository
[SA15613] Sun Solaris Unspecified C Library Privilege Escalation
[SA15612] Mandriva update for openssl
[SA15580] Red Hat update for kdbg
[SA15581] Red Hat update for ImageMagick
[SA15604] GIPTables Firewall Insecure Temporary File Creation

Other:


Cross Platform:
[SA15603] FlatNuke Multiple Vulnerabilities
[SA15600] YaPiG Multiple Vulnerabilities
[SA15596] MWChat "CONFIG[MWCHAT_Libs]" File Inclusion Vulnerability
[SA15584] Popper "form" File Inclusion Vulnerability
[SA15626] Invision Community Blog Module Two Vulnerabilities
[SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
[SA15597] RakNet Empty UDP Datagram Denial of Service Vulnerability
[SA15586] phpCMS "language" Local File Inclusion Vulnerability
[SA15583] Exhibit Engine SQL Injection Vulnerability
[SA15598] WebSphere Application Server Administrative Console Buffer
Overflow
[SA15599] Dzip Directory Traversal Vulnerability
[SA15594] CuteNews Template Creation PHP Code Execution Vulnerability
[SA15590] MediaWiki HTML Attributes Cross-Site Scripting Vulnerability
[SA15589] Lpanel Multiple Vulnerabilities
[SA15627] C-JDBC Exposure of Cached Results

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA15623] GoodTech SMTP Server "RCPT TO" Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-06-08

Reed Arvin has reported a vulnerability in GoodTech SMTP Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15623/

 --

[SA15595] WWWeb Concepts Events System "password" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-06

Romty has reported a vulnerability in WWWeb Concepts Events System,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15595/

 --

[SA15593] Liberum Help Desk "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-03

Dedi Dwianto has reported a vulnerability in Liberum Help Desk, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15593/

 --

[SA15592] LiteWeb Protected File Access Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-06-03

Ziv Kamir has reported a vulnerability in LiteWeb, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/15592/

 --

[SA15585] Crob FTP Server Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-06-03

Leon Juranic has reported two vulnerabilities in Crob FTP Server, which
can be exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15585/

 --

[SA15605] Windows Remote Desktop Protocol Private Key Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2005-06-06

Massimiliano Montoro has reported a security issue in Microsoft
Windows, which can be exploited by malicious people to conduct MitM
(Man-in-the-Middle) attacks.

Full Advisory:
http://secunia.com/advisories/15605/

 --

[SA15618] Kaspersky Anti-Virus "klif.sys" Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-08

Ilya Rabinovich has reported a vulnerability in Kaspersky Anti-Virus,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/15618/


UNIX/Linux:--

[SA15637] Red Hat update for xorg-x11

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-09

Red Hat has issued an update for xorg-x11. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/15637/

 --

[SA15629] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, Manipulation of data,
Exposure of sensitive information, Privilege escalation, DoS, System
access
Released:    2005-06-08

SUSE has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, by malicious users
to conduct SQL injection attacks and by malicious people to cause a DoS
(Denial of Service), conduct cross-site scripting attacks, disclose
sensitive information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15629/

 --

[SA15628] Conectiva update for gaim

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-06-08

Conectiva has issued an update for gaim. This fixes a vulnerability and
a weakness, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/15628/

 --

[SA15625] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information, Privilege escalation, DoS, System access
Released:    2005-06-08

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
multiple vulnerabilities, which can be exploited by malicious, local
users to gain knowledge of certain information or gain escalated
privileges, or by malicious people to conduct cross-site scripting
attacks, cause a DoS (Denial of Service), potentially overwrite
arbitrary files on a user's system or compromise it.

Full Advisory:
http://secunia.com/advisories/15625/

 --

[SA15616] Conectiva update for ethereal

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-06-07

Conectiva has issued an update for ethereal. This fixes multiple
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15616/

 --

[SA15610] Debian update for mailutils

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-06-06

Debian has issued an update for mailutils. This fixes some
vulnerabilities, which can be exploited to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15610/

 --

[SA15582] tattle "getemails()" Shell Command Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-08

b0iler has reported a vulnerability in tattle, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15582/

 --

[SA15579] Conectiva update for php4

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2005-06-01

Conectiva has issued an update for php4. This fixes some
vulnerabilities, where some have an unknown impact and others can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15579/

 --

[SA15617] Conectiva update for krb5

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-06-07

Conectiva has issued an update for krb5. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15617/

 --

[SA15611] Gentoo update for wordpress

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information
Released:    2005-06-07

Gentoo has issued an update for wordpress. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15611/

 --

[SA15609] Sun ONE Application Server Unspecified File Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-06-07

A vulnerability has been reported in Sun ONE Application Server, which
can be exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/15609/

 --

[SA15607] Gentoo update for mailutils

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Security Bypass
Released:    2005-06-07

Gentoo has issued an update for mailutils. This fixes a vulnerability,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15607/

 --

[SA15602] Camino Frame Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2005-06-06

A seven year old vulnerability has been re-introduced in Camino, which
can be exploited by malicious people to spoof the contents of web
sites.

Full Advisory:
http://secunia.com/advisories/15602/

 --

[SA15588] GNU Mailutils "sql_escape_string()" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-07

Primoz Bratanic has reported a vulnerability in GNU Mailutils, which
potentially can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/15588/

 --

[SA15587] Avaya Various Products Kernel Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, Privilege escalation, DoS
Released:    2005-06-03

Avaya has acknowledged some vulnerabilities in various products, which
can be exploited to disclose information, gain escalated privileges, or
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15587/

 --

[SA15624] Avaya CMS FTP Daemon Wildcard Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-08

Avaya has acknowledged a vulnerability in Call Management System (CMS),
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15624/

 --

[SA15620] UnixWare update for wu-ftp

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-06-08

SCO has issued an update for wu-ftp. This fixes a vulnerability, which
can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15620/

 --

[SA15614] Gentoo update for dzip

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-07

Gentoo has issued an update for dzip. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15614/

 --

[SA15578] Conectiva update for gftp

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2005-06-01

Conectiva has issued an update for gftp. This fixes a vulnerability,
which can be exploited by malicious people to conduct directory
traversal attacks.

Full Advisory:
http://secunia.com/advisories/15578/

 --

[SA15621] UnixWare update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2005-06-08

SCO has issued an update for mysql. This fixes a vulnerability, which
can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/15621/

 --

[SA15619] SGI IRIX rpc.mountd "read-mostly" Exports Read/Write Access

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2005-06-08

A security issue has been reported in SGI IRIX, which potentially can
be exploited by malicious users to disclose and modify sensitive
information.

Full Advisory:
http://secunia.com/advisories/15619/

 --

[SA15640] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2005-06-09

Red Hat has issued an update for the kernel. This fixes two
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) or potentially gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/15640/

 --

[SA15638] Red Hat update for dbus

Critical:    Less critical
Where:       Local system
Impact:      Hijacking
Released:    2005-06-09

Red Hat has issued an update for dbus. This fixes a vulnerability,
which can be exploited by malicious, local users to hijack a session
bus.

Full Advisory:
http://secunia.com/advisories/15638/

 --

[SA15622] Mandriva update for a2ps

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-08

Mandriva has issued an update for a2ps. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/15622/

 --

[SA15615] Backup Manager Exposure of Archive Repository

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-06-08

A security issue has been reported in Backup Manager, which can be
exploited by malicious, local users to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/15615/

 --

[SA15613] Sun Solaris Unspecified C Library Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-06

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/15613/

 --

[SA15612] Mandriva update for openssl

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2005-06-07

Mandriva has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/15612/

 --

[SA15580] Red Hat update for kdbg

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-03

Red Hat has issued an update for kdbg. This fixes an old vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/15580/

 --

[SA15581] Red Hat update for ImageMagick

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2005-06-02

Red Hat has issued an update for imagemagick. This fixes a weakness,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/15581/

 --

[SA15604] GIPTables Firewall Insecure Temporary File Creation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-06-06

Eric Romang has reported a vulnerability in GIPTables Firewall, which
can be exploited by malicious, local users to perform certain actions
on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/15604/


Other:


Cross Platform:--

[SA15603] FlatNuke Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information, DoS, System access
Released:    2005-06-07

Some vulnerabilities have been reported in FlatNuke, which can be
exploited by malicious people to cause a DoS (Denial of Service),
conduct cross-site scripting attacks, disclose potentially sensitive
information, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15603/

 --

[SA15600] YaPiG Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, System access
Released:    2005-06-06

Some vulnerabilities have been reported in YaPiG, which can be
exploited to remove or create arbitrary directories, conduct cross-site
scripting attacks, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15600/

 --

[SA15596] MWChat "CONFIG[MWCHAT_Libs]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-03

Status-x has reported a vulnerability in MWChat, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15596/

 --

[SA15584] Popper "form" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-06-03

Leon Juranic has reported a vulnerability in Popper, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15584/

 --

[SA15626] Invision Community Blog Module Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-06-09

James Bercegay has reported two vulnerabilities in the Invision
Community Blog module for Invision Power Board, which can be exploited
by malicious people to conduct cross-site scripting and SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/15626/

 --

[SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2005-06-06

A seven year old vulnerability has been re-introduced in Mozilla and
Firefox, which can be exploited by malicious people to spoof the
contents of web sites.

Full Advisory:
http://secunia.com/advisories/15601/

 --

[SA15597] RakNet Empty UDP Datagram Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2005-06-06

Luigi Auriemma has reported a vulnerability in RakNet, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/15597/

 --

[SA15586] phpCMS "language" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2005-06-03

Bernhard Müller has reported a vulnerability in phpCMS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/15586/

 --

[SA15583] Exhibit Engine SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-06-03

sk0L has reported a vulnerability in Exhibit Engine, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/15583/

 --

[SA15598] WebSphere Application Server Administrative Console Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2005-06-03

Esteban Martínez Fayó has reported a vulnerability in IBM WebSphere
Application Server, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15598/

 --

[SA15599] Dzip Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-07

Stefan Cornelius has discovered a vulnerability in Dzip, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/15599/

 --

[SA15594] CuteNews Template Creation PHP Code Execution Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2005-06-03

John Cantu has reported a vulnerability in CuteNews, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/15594/

 --

[SA15590] MediaWiki HTML Attributes Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-06-06

A vulnerability has been reported in MediaWiki, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/15590/

 --

[SA15589] Lpanel Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2005-06-06

Zackarin Smitz has reported some vulnerabilities in Lpanel, which can
be exploited by malicious users to disclose and manipulate sensitive
information, and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/15589/

 --

[SA15627] C-JDBC Exposure of Cached Results

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2005-06-08

A security issue has been reported in C-JDBC, which can be exploited by
malicious users to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/15627/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com 



This archive was generated by hypermail 2.1.3 : Mon Jun 13 2005 - 01:17:40 PDT