======================================================================== The Secunia Weekly Advisory Summary 2005-08-25 - 2005-09-01 This week : 64 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: The Secunia staff is spending hours every day to assure you the best and most reliable source for vulnerability information. Every single vulnerability report is being validated and verified before a Secunia advisory is written. Secunia validates and verifies vulnerability reports in many different ways e.g. by downloading the software and performing comprehensive tests, by reviewing source code, or by validating the credibility of the source from which the vulnerability report was issued. As a result, Secunia's database is the most correct and complete source for recent vulnerability information available on the Internet. Secunia Online Vulnerability Database: http://secunia.com/ ======================================================================== 2) This Week in Brief: A vulnerability has been reported in mplayer, which potentially can be exploited by malicious people to compromise a vulnerable system. Additional details can be found in the referenced Secunia advisory below. Reference: http://secunia.com/SA16509 VIRUS ALERTS: Secunia has not issued any virus alerts during the week. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA16560] Windows Registry Editor Utility String Concealment Weakness 2. [SA16105] Skype "skype_profile.jpg" Insecure Temporary File Creation 3. [SA16480] Microsoft DDS Library Shape Control Code Execution Vulnerability 4. [SA16466] Adobe Acrobat / Reader Plug-in Buffer Overflow Vulnerability 5. [SA16562] Symantec AntiVirus Corporate Edition / Client Security Privilege Escalation 6. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability 7. [SA16559] Apache Byte-Range Filter Denial of Service Vulnerability 8. [SA12758] Microsoft Word Document Parsing Buffer Overflow Vulnerabilities 9. [SA16598] Simple PHP Blog Image File Upload Vulnerability 10. [SA16494] Linux Kernel Denial of Service and IPsec Policy Bypass ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA16629] BFCommand & Control Server Manager Multiple Vulnerabilities [SA16613] BNBT EasyTracker Denial of Service Vulnerability [SA16615] BlueWhaleCRM "Account ID" SQL Injection Vulnerability UNIX/Linux: [SA16637] Slackware update for gaim [SA16635] Slackware update for php [SA16631] Debian update for php4 [SA16628] Red Hat update for evolution [SA16621] Gentoo update for phpgroupware [SA16619] SUSE update for php4/php5 [SA16601] Fedora update for lesstif [SA16593] Gentoo update for phpwiki [SA16592] Fedora update for openmotif [SA16589] Fedora update for php [SA16576] Debian update for simpleproxy [SA16644] Avaya Multiple Ethereal Vulnerabilities [SA16638] Slackware update for pcre [SA16634] Debian update for kismet [SA16624] Debian update for pstotext [SA16618] SUSE update for pcre [SA16614] UMN Gopher "VIfromLine()" Buffer Overflow Vulnerability [SA16600] SqWebMail HTML Emails Script Insertion Vulnerability [SA16599] Mandriva update for gnumeric [SA16587] Gentoo update for libpcre [SA16584] Gnumeric PCRE Integer Overflow Vulnerability [SA16582] Mandriva update for bluez-utils [SA16581] Mandriva update for pcre [SA16580] Mandriva update for php [SA16575] Mandriva update for python [SA16574] Affix Device Name Shell Command Injection Vulnerability [SA16641] Avaya PDS HP-UX Unspecified Security Bypass Vulnerability [SA16643] Avaya gzip Directory Traversal Vulnerability [SA16636] Debian update for phpldapadmin [SA16622] Avaya Media Servers rsh Directory Traversal Vulnerability [SA16603] Ubuntu update for courier-base [SA16590] Fedora update for freeradius [SA16588] Debian update for libpam-ldap [SA16578] Astaro Security Linux Proxy Security Issue [SA16642] Avaya OpenSSL "der_chop" Script Insecure Temporary File Creation [SA16626] Gentoo update for lm_sensors [SA16610] Debian update for maildrop [SA16608] Fedora update for kernel [SA16591] Debian update for backup-manager [SA16586] HP-UX Veritas File System Security Bypass Vulnerability [SA16579] Mandriva update for lm_sensors [SA16606] Fedora update for ntp [SA16602] NTP Incorrect Group Permissions Security Issue Other: [SA16640] Novell NetWare CIFS Denial of Service Vulnerability Cross Platform: [SA16627] FUDforum Avatar Upload Vulnerability [SA16620] AutoLinks Pro "alpath" File Inclusion Vulnerability [SA16617] phpLDAPadmin welcome.php Arbitrary File Inclusion [SA16607] Looking Glass Cross-Site Scripting and Shell Command Injection [SA16585] Quake 2 Lithium II Mod Nickname Format String Vulnerability [SA16632] PHP-Fusion Nested BBcode "url" Script Insertion Vulnerability [SA16625] Cosmoshop Login SQL Injection Vulnerability [SA16623] Helpdesk software Hesk Authentication Bypass Vulnerability [SA16616] Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion [SA16612] FreeStyle Wiki Arbitrary Command Injection Vulnerability [SA16597] PhotoPost PHP Pro EXIF Data Script Insertion Vulnerability [SA16596] YaPig EXIF Data Script Insertion Vulnerability [SA16595] phpGraphy EXIF Data Script Insertion Vulnerability [SA16594] Gallery EXIF Data Script Insertion and File Disclosure Vulnerability [SA16611] phpLDAPadmin Anonymous Bind Security Bypass [SA16605] phpMyAdmin Two Cross-Site Scripting Vulnerabilities [SA16598] Simple PHP Blog Image File Upload Vulnerability ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA16629] BFCommand & Control Server Manager Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2005-08-30 Luigi Auriemma has reported some vulnerabilities in BFCommand & Control Server Manager, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/16629/ -- [SA16613] BNBT EasyTracker Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2005-08-30 Sowhat has discovered a vulnerability in BNBT EasyTracker, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/16613/ -- [SA16615] BlueWhaleCRM "Account ID" SQL Injection Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2005-08-30 Kutbuddin Trunkwala has reported a vulnerability in BlueWhaleCRM, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/16615/ UNIX/Linux:-- [SA16637] Slackware update for gaim Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-08-31 Slackware has issued an update for gaim. This fixes a vulnerability and two weaknesses, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system. Full Advisory: http://secunia.com/advisories/16637/ -- [SA16635] Slackware update for php Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-31 Slackware has issued an update for php. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16635/ -- [SA16631] Debian update for php4 Critical: Highly critical Where: From remote Impact: Privilege escalation, System access Released: 2005-08-30 Debian has issued an update for php4. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, or by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16631/ -- [SA16628] Red Hat update for evolution Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-30 Red Hat has issued an update for evolution. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16628/ -- [SA16621] Gentoo update for phpgroupware Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, System access Released: 2005-08-31 Gentoo has issued an update for phpgroupware. This fixes some vulnerabilities, which can be exploited by malicious administrative users to conduct script insertion attacks, or by malicious people to bypass certain security restrictions or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16621/ -- [SA16619] SUSE update for php4/php5 Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-08-31 SUSE has issued updates for php4 and php5. These fix some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16619/ -- [SA16601] Fedora update for lesstif Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-08-29 Fedora has issued an update for lesstif. This fixes multiple vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/16601/ -- [SA16593] Gentoo update for phpwiki Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-26 Gentoo has issued an update for phpwiki. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16593/ -- [SA16592] Fedora update for openmotif Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-26 Fedora has issued an update for openmotif. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16592/ -- [SA16589] Fedora update for php Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-26 Fedora has issued an update for php. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16589/ -- [SA16576] Debian update for simpleproxy Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-26 Debian has issued an update for simpleproxy. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16576/ -- [SA16644] Avaya Multiple Ethereal Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-08-31 Avaya has acknowledged some vulnerabilities in Ethereal included in some products, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16644/ -- [SA16638] Slackware update for pcre Critical: Moderately critical Where: From remote Impact: System access, DoS Released: 2005-08-31 Slackware has issued an update for pcre. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16638/ -- [SA16634] Debian update for kismet Critical: Moderately critical Where: From remote Impact: Unknown, System access Released: 2005-08-30 Debian has issued an update for Kismet. This fixes some vulnerabilities, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16634/ -- [SA16624] Debian update for pstotext Critical: Moderately critical Where: From remote Impact: System access Released: 2005-09-01 Debian has issued an update for pstotext. This fixes a vulnerability, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16624/ -- [SA16618] SUSE update for pcre Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-08-31 SUSE has issued an update for pcre. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16618/ -- [SA16614] UMN Gopher "VIfromLine()" Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2005-08-30 vade79 has discovered a vulnerability in Gopher client, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16614/ -- [SA16600] SqWebMail HTML Emails Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-08-29 Secunia Research has discovered a vulnerability in SqWebMail, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/16600/ -- [SA16599] Mandriva update for gnumeric Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-08-29 Mandriva has issued an update for gnumeric. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16599/ -- [SA16587] Gentoo update for libpcre Critical: Moderately critical Where: From remote Impact: System access Released: 2005-08-26 Gentoo has issued an update for libpcre. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16587/ -- [SA16584] Gnumeric PCRE Integer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-08-29 A vulnerability has been reported in Gnumeric, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16584/ -- [SA16582] Mandriva update for bluez-utils Critical: Moderately critical Where: From remote Impact: Security Bypass, System access Released: 2005-08-26 Mandriva has issued an update for bluez-utils. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16582/ -- [SA16581] Mandriva update for pcre Critical: Moderately critical Where: From remote Impact: System access Released: 2005-08-26 Mandriva has issued an update for pcre. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16581/ -- [SA16580] Mandriva update for php Critical: Moderately critical Where: From remote Impact: System access Released: 2005-08-26 Mandriva has issued an update for php. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16580/ -- [SA16575] Mandriva update for python Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2005-08-29 Mandriva has issued an update for python. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16575/ -- [SA16574] Affix Device Name Shell Command Injection Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2005-08-29 Kevin Finisterre has reported a vulnerability in Affix, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16574/ -- [SA16641] Avaya PDS HP-UX Unspecified Security Bypass Vulnerability Critical: Moderately critical Where: From local network Impact: Security Bypass Released: 2005-08-31 Avaya has acknowledged a vulnerability in Avaya PDS (Predictive Dialing System), which potentially can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16641/ -- [SA16643] Avaya gzip Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2005-08-31 Avaya has acknowledged a vulnerability in gzip included in some products, which potentially can be exploited by malicious people to extract files to arbitrary directories on a user's system. Full Advisory: http://secunia.com/advisories/16643/ -- [SA16636] Debian update for phpldapadmin Critical: Less critical Where: From remote Impact: Security Bypass Released: 2005-08-30 Debian has issued an update for phpldapadmin. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16636/ -- [SA16622] Avaya Media Servers rsh Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2005-08-31 Avaya has acknowledged a vulnerability in rsh included in S8XXX Media Servers, which potentially can be exploited by malicious people to overwrite arbitrary files on a vulnerable system. Full Advisory: http://secunia.com/advisories/16622/ -- [SA16603] Ubuntu update for courier-base Critical: Less critical Where: From remote Impact: DoS Released: 2005-08-29 Ubuntu has issued an update for courier-base. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/16603/ -- [SA16590] Fedora update for freeradius Critical: Less critical Where: From remote Impact: Manipulation of data, DoS Released: 2005-08-26 Fedora has issued an update for freeradius. This fixes some vulnerabilities, which potentially can be exploited by malicious users to conduct SQL injection attacks or to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/16590/ -- [SA16588] Debian update for libpam-ldap Critical: Less critical Where: From remote Impact: Security Bypass Released: 2005-08-26 Debian has issued an update for libpam-ldap. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16588/ -- [SA16578] Astaro Security Linux Proxy Security Issue Critical: Less critical Where: From remote Impact: Security Bypass Released: 2005-08-29 Oliver Karow has reported a security issue in Astaro Secure Linux, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16578/ -- [SA16642] Avaya OpenSSL "der_chop" Script Insecure Temporary File Creation Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-08-31 Avaya has acknowledged a vulnerability in openssl included in some products, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/16642/ -- [SA16626] Gentoo update for lm_sensors Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-08-31 Gentoo has issued an update for lm_sensors. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/16626/ -- [SA16610] Debian update for maildrop Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-08-30 Debian has issued an update for maildrop. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/16610/ -- [SA16608] Fedora update for kernel Critical: Less critical Where: Local system Impact: Security Bypass Released: 2005-08-29 Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16608/ -- [SA16591] Debian update for backup-manager Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2005-08-29 Debian has issued an update for backup-manager. This fixes two vulnerabilities, which potentially can be exploited by malicious, local users to disclose potentially sensitive information or perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/16591/ -- [SA16586] HP-UX Veritas File System Security Bypass Vulnerability Critical: Less critical Where: Local system Impact: Security Bypass Released: 2005-08-26 A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16586/ -- [SA16579] Mandriva update for lm_sensors Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2005-08-26 Mandriva has issued an update for lm_sensors. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges. Full Advisory: http://secunia.com/advisories/16579/ -- [SA16606] Fedora update for ntp Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2005-08-29 Fedora has issued an update for ntp. This fixes a security issue, which can cause ntpd to run with incorrect group permissions. Full Advisory: http://secunia.com/advisories/16606/ -- [SA16602] NTP Incorrect Group Permissions Security Issue Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2005-08-29 Josh Bressers has reported a security issue in ntpd, which can cause ntpd to run with incorrect group permissions. Full Advisory: http://secunia.com/advisories/16602/ Other:-- [SA16640] Novell NetWare CIFS Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2005-08-31 A vulnerability has been reported in NetWare, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/16640/ Cross Platform:-- [SA16627] FUDforum Avatar Upload Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-30 riklaunim has discovered a vulnerability in FUDforum, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16627/ -- [SA16620] AutoLinks Pro "alpath" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-30 NewAngels Team and 4Degrees have reported a vulnerability in AutoLinks Pro, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16620/ -- [SA16617] phpLDAPadmin welcome.php Arbitrary File Inclusion Critical: Highly critical Where: From remote Impact: System access Released: 2005-08-30 rgod has discovered a vulnerability in phpLDAPadmin, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16617/ -- [SA16607] Looking Glass Cross-Site Scripting and Shell Command Injection Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2005-08-29 rgod has discovered some vulnerabilities in Looking Glass, which can be exploited by malicious people to conduct cross-site scripting attacks and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16607/ -- [SA16585] Quake 2 Lithium II Mod Nickname Format String Vulnerability Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2005-08-29 SinNULL has reported a vulnerability in Lithium II Mod, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16585/ -- [SA16632] PHP-Fusion Nested BBcode "url" Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-08-30 slacker4ever_1 has discovered a vulnerability in PHP-Fusion, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/16632/ -- [SA16625] Cosmoshop Login SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of sensitive information Released: 2005-08-30 l0om has reported a vulnerability in Cosmoshop, which can be exploited by malicious people to conduct SQL injection attacks and disclose sensitive information. Full Advisory: http://secunia.com/advisories/16625/ -- [SA16623] Helpdesk software Hesk Authentication Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2005-08-30 s2b has discovered a vulnerability in Helpdesk software Hesk, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16623/ -- [SA16616] Simple PHP Blog comment_delete_cgi.php Arbitrary File Deletion Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2005-08-30 Kenneth F. Belva has discovered a vulnerability in Simple PHP Blog, which can be exploited by malicious people to manipulate sensitive information. Full Advisory: http://secunia.com/advisories/16616/ -- [SA16612] FreeStyle Wiki Arbitrary Command Injection Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2005-08-30 A vulnerability has been reported in FreeStyle Wiki, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16612/ -- [SA16597] PhotoPost PHP Pro EXIF Data Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-08-26 Cedric Cochin has reported a vulnerability in PhotoPost PHP Pro, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/16597/ -- [SA16596] YaPig EXIF Data Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-08-26 Cedric Cochin has discovered a vulnerability in YaPig, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/16596/ -- [SA16595] phpGraphy EXIF Data Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2005-08-26 Cedric Cochin has reported a vulnerability in phpGraphy, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/16595/ -- [SA16594] Gallery EXIF Data Script Insertion and File Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of sensitive information Released: 2005-08-26 Two vulnerabilities have been reported in Gallery, which can be exploited by malicious people to conduct script insertion attacks or disclose certain sensitive information. Full Advisory: http://secunia.com/advisories/16594/ -- [SA16611] phpLDAPadmin Anonymous Bind Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2005-08-30 Alexander Gerasiov has reported a security issue in phpLDAPadmin, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/16611/ -- [SA16605] phpMyAdmin Two Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2005-08-29 Some vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/16605/ -- [SA16598] Simple PHP Blog Image File Upload Vulnerability Critical: Less critical Where: From remote Impact: System access Released: 2005-08-26 ReZEN and 0xception have discovered a vulnerability in Simple PHP Blog, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/16598/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _________________________________________ Attend ToorCon Sept 16-18th, 2005 Convention Center San Diego, California www.toorcon.org
This archive was generated by hypermail 2.1.3 : Fri Sep 02 2005 - 04:05:43 PDT