[ISN] Secunia Weekly Summary - Issue: 2005-32

From: InfoSec News (isn@private)
Date: Thu Aug 11 2005 - 22:08:25 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2005-08-04 - 2005-08-11                        

                       This week : 58 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Microsoft has released their monthly security updates, which correct
several vulnerabilities in various Microsoft products.

All users of Microsoft products are advised to check Windows Update for
available security updates.

Additional details can be found in referenced Secunia advisories below.

Reference:
http://secunia.com/SA16373
http://secunia.com/SA16372
http://secunia.com/SA16368
http://secunia.com/SA16356
http://secunia.com/SA16354


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA16373] Internet Explorer Three Vulnerabilities
2.  [SA16105] Skype "skype_profile.jpg" Insecure Temporary File
              Creation
3.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
4.  [SA16298] Linux Kernel xfrm Array Indexing Overflow Vulnerability
5.  [SA15870] Opera Download Dialog Spoofing Vulnerability
6.  [SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
7.  [SA12758] Microsoft Word Document Parsing Buffer Overflow
              Vulnerabilities
8.  [SA15756] Opera Image Dragging Vulnerability
9.  [SA16210] Microsoft Windows Unspecified USB Device Driver
              Vulnerability
10. [SA16071] Windows Remote Desktop Protocol Denial of Service 
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA16373] Internet Explorer Three Vulnerabilities
[SA16364] Lasso Professional Auth Tag Security Bypass Vulnerability
[SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow
[SA16356] Microsoft Windows Print Spooler Service Buffer Overflow
Vulnerability
[SA16354] Microsoft Windows Telephony Service Vulnerability
[SA16344] EMC Navisphere Manager Directory Traversal and Directory
Listing
[SA16368] Microsoft Windows Two Kerberos Vulnerabilities

UNIX/Linux:
[SA16387] Red Hat update for gaim
[SA16384] Red Hat update for gaim
[SA16379] Gaim Away Message Buffer Overflow and Denial of Service
[SA16363] Ubuntu update for ekg/libgadu3
[SA16341] Conectiva update for krb5
[SA16331] Mandriva update for ethereal
[SA16358] Red Hat update for ruby
[SA16349] Trustix update for multiple packages
[SA16336] Gentoo update for netpbm
[SA16391] Red Hat update for cups
[SA16390] Fedora update for kdegraphics
[SA16385] Ubuntu update for xpdf/kpdf
[SA16383] Red Hat update for xpdf/kdegraphics
[SA16380] CUPS xpdf Temporary File Writing Denial of Service
[SA16374] Xpdf Temporary File Writing Denial of Service
[SA16370] VegaDNS "message" Cross-Site Scripting Vulnerability
[SA16362] cPanel Password Change Privilege Escalation Security Issue
[SA16334] Ubuntu update for apache2
[SA16382] Red Hat update for ucd-snmp
[SA16367] Sun Solaris printd Daemon Arbitrary File Deletion
Vulnerability
[SA16381] Red Hat update for sysreport
[SA16360] Gentoo update for heartbeat
[SA16359] FFTW fftw-wisdom-to-conf.in Insecure Temporary File Creation
[SA16345] Lantronix Secure Console Server Multiple Vulnerabilities
[SA16343] Inkscape ps2epsi.sh Insecure Temporary File Creation
[SA16335] Conectiva update for heartbeat
[SA16355] Linux Kernel Keyring Management Denial of Service
Vulnerabilities
[SA16352] Wine winelauncher.in Insecure Temporary File Creation
[SA16328] Red Hat update for dump

Other:


Cross Platform:
[SA16386] WordPress "cache_lastpostdate" PHP Code Insertion
[SA16347] SysCP Two Vulnerabilities
[SA16346] Comdev eCommerce File Inclusion Vulnerability
[SA16342] Gravity Board X Multiple Vulnerabilities
[SA16339] XOOPS PHPMailer and XML-RPC Vulnerabilities
[SA16330] Flatnuke Multiple Vulnerabilities
[SA16388] PHlyMail Unspecified Login Bypass Vulnerability
[SA16375] XMB Forum Server Set Variable Overwrite and SQL Injection
[SA16369] Open Bulletin Board SQL Injection Vulnerabilities
[SA16366] MyFAQ Multiple Scripts SQL Injection Vulnerability
[SA16361] PHPSiteStats Unspecified Login Bypass Vulnerability
[SA16353] PHPLite Calendar Express Two Vulnerabilities
[SA16351] phpIncludes News System SQL Injection Vulnerability
[SA16371] FunkBoard Multiple Cross-Site Scripting Vulnerabilities
[SA16365] Chipmunk Forum "fontcolor" Cross-Site Scripting
Vulnerability
[SA16357] e107 HTML / TXT Attachment Script Insertion Vulnerability
[SA16348] Invision Power Board HTML / TXT Attachment Script Insertion
[SA16338] Jax LinkLists Cross-Site Scripting and Information
Disclosure
[SA16337] Jax Guestbook Cross-Site Scripting and Information
Disclosure
[SA16333] Jax Calendar Cross-Site Scripting Vulnerability
[SA16332] Jax Newsletter Cross-Site Scripting and Information
Disclosure
[SA16329] tDiary Cross-Site Request Forgery Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA16373] Internet Explorer Three Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-09

Three vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to conduct cross-site scripting
attacks or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16373/

 --

[SA16364] Lasso Professional Auth Tag Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-10

A vulnerability has been reported in Lasso, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16364/

 --

[SA16372] Microsoft Windows Plug-and-Play Service Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-08-09

ISS X-Force has reported a vulnerability in Microsoft Windows, which
can be exploited by malicious users to gain escalated privileges or by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16372/

 --

[SA16356] Microsoft Windows Print Spooler Service Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-08-09

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16356/

 --

[SA16354] Microsoft Windows Telephony Service Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, System access
Released:    2005-08-09

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges or by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16354/

 --

[SA16344] EMC Navisphere Manager Directory Traversal and Directory
Listing

Critical:    Moderately critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2005-08-08

Two vulnerabilities have been reported in EMC Navisphere Manager, which
can be exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/16344/

 --

[SA16368] Microsoft Windows Two Kerberos Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Spoofing, Exposure of sensitive information, DoS
Released:    2005-08-09

Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious users to cause a DoS (Denial of Service),
reveal sensitive information, or impersonate other users.

Full Advisory:
http://secunia.com/advisories/16368/


UNIX/Linux:--

[SA16387] Red Hat update for gaim

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-10

Red Hat has issued an update for gaim. This fixes a vulnerability and
two weaknesses, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16387/

 --

[SA16384] Red Hat update for gaim

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-10

Red Hat has issued an update for gaim. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/16384/

 --

[SA16379] Gaim Away Message Buffer Overflow and Denial of Service

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-10

A vulnerability and a weakness have been reported in Gaim, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/16379/

 --

[SA16363] Ubuntu update for ekg/libgadu3

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Privilege escalation, DoS, System access
Released:    2005-08-09

Ubuntu has issued updates for ekg and libgadu3. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, or by malicious
people to cause a DoS (Denial of Service) or compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16363/

 --

[SA16341] Conectiva update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-09

Conectiva has issued an update for krb5. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16341/

 --

[SA16331] Mandriva update for ethereal

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-05

Mandriva has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16331/

 --

[SA16358] Red Hat update for ruby

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-08

Red Hat has issued an update for ruby. This fixes a vulnerability,
which potentially can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16358/

 --

[SA16349] Trustix update for multiple packages

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2005-08-08

Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited to disclose certain sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16349/

 --

[SA16336] Gentoo update for netpbm

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2005-08-05

Gentoo has issued an update for netpbm. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16336/

 --

[SA16391] Red Hat update for cups

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-08-10

Red Hat has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16391/

 --

[SA16390] Fedora update for kdegraphics

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-08-10

Fedora has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16390/

 --

[SA16385] Ubuntu update for xpdf/kpdf

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-08-10

Ubuntu has issued updates for xpdf and kpdf. These fix a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16385/

 --

[SA16383] Red Hat update for xpdf/kdegraphics

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-08-10

Red Hat has issued updates for xpdf and kdegraphics. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/16383/

 --

[SA16380] CUPS xpdf Temporary File Writing Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-08-10

A vulnerability has been reported in CUPS, which can be exploited by
malicious people to cause a DoS (Denial of Service) on a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16380/

 --

[SA16374] Xpdf Temporary File Writing Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2005-08-10

A vulnerability has been reported in Xpdf, which can be exploited by
malicious people to cause a DoS (Denial of Service) on a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/16374/

 --

[SA16370] VegaDNS "message" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-10

dyn0 has discovered a vulnerability in VegaDNS, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16370/

 --

[SA16362] cPanel Password Change Privilege Escalation Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2005-08-10

IHS has discovered a security issue in cPanel, which may allow
malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/16362/

 --

[SA16334] Ubuntu update for apache2

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, DoS
Released:    2005-08-05

Ubuntu has issued an update for apache2. This fixes two
vulnerabilities, which can be exploited by malicious people to
potentially cause a DoS (Denial of Service) and conduct HTTP request
smuggling attacks.

Full Advisory:
http://secunia.com/advisories/16334/

 --

[SA16382] Red Hat update for ucd-snmp

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2005-08-10

Red Hat has issued an update for ucd-snmp. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16382/

 --

[SA16367] Sun Solaris printd Daemon Arbitrary File Deletion
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data
Released:    2005-08-09

A vulnerability has been reported in Solaris, which can be exploited by
malicious users to delete files on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16367/

 --

[SA16381] Red Hat update for sysreport

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-10

Red Hat has issued an update for sysreport.  This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/16381/

 --

[SA16360] Gentoo update for heartbeat

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-08

Gentoo has issued an update for heartbeat. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16360/

 --

[SA16359] FFTW fftw-wisdom-to-conf.in Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-08

Javier Fernandez-Sanguino Pena has reported a vulnerability in FFTW,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16359/

 --

[SA16345] Lantronix Secure Console Server Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2005-08-08

c0ntex has reported some vulnerabilities in Lantronix Secure Console
Server, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/16345/

 --

[SA16343] Inkscape ps2epsi.sh Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-09

Javier Fernandez-Sanguino Pena has reported a vulnerability in
Inkscape, which can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16343/

 --

[SA16335] Conectiva update for heartbeat

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-05

Conectiva has issued an update for heartbeat. This fixes a
vulnerability, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/16335/

 --

[SA16355] Linux Kernel Keyring Management Denial of Service
Vulnerabilities

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2005-08-09

Some vulnerabilities have been reported in the Linux kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16355/

 --

[SA16352] Wine winelauncher.in Insecure Temporary File Creation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2005-08-08

Javier Fernandez-Sanguino Pena has reported a vulnerability in wine,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/16352/

 --

[SA16328] Red Hat update for dump

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2005-08-04

Red Hat has issued an update for dump. This fixes a weakness, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/16328/


Other:


Cross Platform:--

[SA16386] WordPress "cache_lastpostdate" PHP Code Insertion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-10

kartoffelguru has discovered a vulnerability in WordPress, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16386/

 --

[SA16347] SysCP Two Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-08

Christopher Kunz has reported two vulnerabilities in SysCP, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16347/

 --

[SA16346] Comdev eCommerce File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2005-08-08

none has discovered a vulnerability in Comdev eCommerce, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16346/

 --

[SA16342] Gravity Board X Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data, System access
Released:    2005-08-09

rgod has discovered some vulnerabilities in Gravity Board X, which can
be exploited by malicious people to conduct cross-site scripting
attacks, bypass certain security restrictions, or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/16342/

 --

[SA16339] XOOPS PHPMailer and XML-RPC Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2005-08-09

Some vulnerabilities have been reported in XOOPS, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16339/

 --

[SA16330] Flatnuke Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2005-08-05

rgod has discovered some vulnerabilities in Flatnuke, which can be
exploited by malicious people to conduct cross-site scripting attacks,
script insertion attacks, or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/16330/

 --

[SA16388] PHlyMail Unspecified Login Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-10

A vulnerability has been reported in PHlyMail, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16388/

 --

[SA16375] XMB Forum Server Set Variable Overwrite and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-08-10

Heintz has discovered two vulnerabilities in XMB Forum, which can be
exploited by malicious users to overwrite certain server set variables
or conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16375/

 --

[SA16369] Open Bulletin Board SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-08-09

abducter has discovered some vulnerabilities in Open Bulletin Board,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/16369/

 --

[SA16366] MyFAQ Multiple Scripts SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-08-09

Censored has discovered a vulnerability in MyFAQ, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16366/

 --

[SA16361] PHPSiteStats Unspecified Login Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2005-08-08

A vulnerability has been reported in PHPSiteStats, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/16361/

 --

[SA16353] PHPLite Calendar Express Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2005-08-09

Two vulnerabilities have been reported in Calendar Express, which can
be exploited by malicious people to conduct SQL injection or cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/16353/

 --

[SA16351] phpIncludes News System SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2005-08-08

A vulnerability has been reported in phpIncludes, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/16351/

 --

[SA16371] FunkBoard Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-09

rgod has discovered multiple vulnerabilities in FunkBoard, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16371/

 --

[SA16365] Chipmunk Forum "fontcolor" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-09

rgod has discovered a vulnerability in Chipmunk, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16365/

 --

[SA16357] e107 HTML / TXT Attachment Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-09

edward11 has discovered a vulnerability in e107, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/16357/

 --

[SA16348] Invision Power Board HTML / TXT Attachment Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-09

V[i]RuS has discovered a vulnerability in Invision Power Board, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/16348/

 --

[SA16338] Jax LinkLists Cross-Site Scripting and Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-08-05

Lostmon has discovered some vulnerabilities in Jax LinkLists, which can
be exploited by malicious people to conduct cross-site scripting attacks
or disclose certain information.

Full Advisory:
http://secunia.com/advisories/16338/

 --

[SA16337] Jax Guestbook Cross-Site Scripting and Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-08-05

Lostmon has discovered some vulnerabilities in Jax Guestbook, which can
be exploited by malicious people to conduct cross-site scripting attacks
or disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/16337/

 --

[SA16333] Jax Calendar Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2005-08-05

Lostmon has discovered a vulnerability in Jax Calendar, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/16333/

 --

[SA16332] Jax Newsletter Cross-Site Scripting and Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2005-08-05

Lostmon has discovered some vulnerabilities in Jax Newsletter, which
can be exploited by malicious people to conduct cross-site scripting
attacks or disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/16332/

 --

[SA16329] tDiary Cross-Site Request Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2005-08-08

A vulnerability has been reported in tDiary, which can be exploited by
malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/16329/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45






This archive was generated by hypermail 2.1.3 : Thu Aug 11 2005 - 22:28:40 PDT