[ISN] Secunia Weekly Summary - Issue: 2006-4

From: InfoSec News (isn@private)
Date: Fri Jan 27 2006 - 02:13:39 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-01-19 - 2006-01-26                        

                       This week : 59 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in various F-Secure products,
which can be exploited by malware to bypass detection or malicious
people to compromise a vulnerable system.

All users of F-Secure products are advised to check for available
patches.

Reference:
http://secunia.com/SA18529

--

Maksim Orlovich has reported a vulnerability in KDE kjs, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a user's system.

Additional details may be found in the referenced Secunia advisory
below.

Reference:
http://secunia.com/SA18500


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA18529] F-Secure Anti-Virus Archive Handling Vulnerabilities
2.  [SA18493] Oracle Products Multiple Vulnerabilities and Security
              Issues
3.  [SA11762] Opera Browser Favicon Displaying Address Bar Spoofing
              Vulnerability
4.  [SA18255] Microsoft Windows WMF "SETABORTPROC" Arbitrary Code
              Execution
5.  [SA18579] OpenSSH scp Command Line Shell Command Injection
6.  [SA15546] Microsoft Internet Explorer "window()" Arbitrary Code
              Execution Vulnerability
7.  [SA18500] KDE kjs UTF-8 Encoded URI Buffer Overflow Vulnerability
8.  [SA18556] Etomite "cij" Shell Command Execution Backdoor Security
              Issue
9.  [SA18560] WebspotBlogging "username" SQL Injection Vulnerability
10. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA18574] Sami FTP Server USER Command Buffer Overflow
[SA18553] Hitachi HITSENSER Data Mart Server SQL Injection
[SA18550] FileCOPA FTP Server Directory Traversal Vulnerability
[SA18589] Kerio WinRoute Firewall Web Browsing Denial of Service
[SA18551] MailSite Cross-Site Scripting and Denial of Service

UNIX/Linux:
[SA18584] Avaya S87XX/S8500/S8300 Lynx "HTrjis()" NNTP Buffer Overflow
[SA18583] Fedora update for kdelibs
[SA18570] Gentoo update for kdelibs
[SA18568] Debian update for libapache-auth-ldap
[SA18561] Debian update for kdelibs
[SA18559] SUSE update for kdelibs3
[SA18552] Ubuntu update for kdelibs4c2
[SA18616] Mandriva update for ipsec-tools
[SA18612] Debian update for mailman
[SA18609] FreeBSD "pf" IP Fragment Denial of Service Vulnerability
[SA18607] Ubuntu update for imagemagick
[SA18585] Fedora update for httpd
[SA18582] Debian update for cupsys
[SA18578] Debian update for wine
[SA18571] Fetchmail Bounced Message Denial of Service Vulnerability
[SA18569] Avaya PDS HP-UX ftpd Denial of Service Vulnerability
[SA18555] Debian update for trac
[SA18554] SGI Advanced Linux Environment Multiple Updates
[SA18606] Debian update for flyspray
[SA18594] WeBWorK Arbitrary Command Execution Vulnerability
[SA18562] Red Hat update for kernel
[SA18600] HP-UX Unspecified Privilege Escalation Vulnerability
[SA18599] FreeBSD Kernel Memory Disclosure Vulnerabilities
[SA18596] Avaya PDS HP-UX Unspecified Privilege Escalation
[SA18586] LibAST Configuration Filename Buffer Overflow Vulnerability
[SA18580] Sun Grid Engine rsh Client Privilege Escalation
Vulnerability
[SA18564] LSH lshd Seed-file File Descriptor Leak Vulnerability
[SA18558] Debian update for sudo
[SA18587] LibTIFF TIFFVSetField Denial of Service Vulnerability
[SA18595] Fedora update for openssh
[SA18579] OpenSSH scp Command Line Shell Command Injection
[SA18573] Debian update for crawl

Other:


Cross Platform:
[SA18605] Text Rider Exposure of User Credentials
[SA18560] WebspotBlogging "username" SQL Injection Vulnerability
[SA18556] Etomite "cij" Shell Command Execution Backdoor Security
Issue
[SA18608] HP Oracle for Openview Multiple Vulnerabilities
[SA18604] miniBloggie "user" SQL Injection Vulnerability
[SA18601] Reamday Enterprises Magic News Password Change Bypass
[SA18597] Phpclanwebsite SQL Injection Vulnerabilities
[SA18593] BEA WebLogic Portal Information Disclosure and Security
Bypass
[SA18592] BEA WebLogic Server/Express Vulnerabilities and Security
Issues
[SA18575] ADOdb PostgreSQL SQL Injection Vulnerability
[SA18572] Pixelpost Comment Script Insertion Vulnerability
[SA18567] e-moBLOG SQL Injection Vulnerabilities
[SA18563] Zoph SQL Injection Vulnerabilities
[SA18557] Gallery Fullname Script Insertion Vulnerability
[SA18591] CA Products iGateway Service Content-Length Buffer Overflow
[SA18603] MyBB User Control Panel Cross-Site Request Forgery
[SA18588] Claroline Single Sign-On System Predictable Cookie
[SA18581] BEA WebLogic Server/Express Multiple Domains Administrator
Access
[SA18576] Tor Hidden Service Disclosure Weakness
[SA18566] Note-A-Day Weblog Exposure of User Credentials
[SA18565] AZ Bulletin Board Cross-Site Scripting Vulnerabilities
[SA18577] MyBB Disclosure of Table Prefix Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA18574] Sami FTP Server USER Command Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-01-25

Critical Security has discovered a vulnerability in Sami FTP Server,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/18574/

 --

[SA18553] Hitachi HITSENSER Data Mart Server SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-20

A vulnerability has been reported in HITSENSER Data Mart Server, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18553/

 --

[SA18550] FileCOPA FTP Server Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2006-01-20

P@r@n01d and $um$id have discovered a vulnerability in FileCopa FTP
Server, which can be exploited by malicious users to access files in
arbitrary locations on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18550/

 --

[SA18589] Kerio WinRoute Firewall Web Browsing Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-01-25

A vulnerability has been reported in Kerio WinRoute Firewall, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/18589/

 --

[SA18551] MailSite Cross-Site Scripting and Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      Cross Site Scripting, DoS
Released:    2006-01-20

Rahul Mohandas has reported two vulnerabilities in MailSite Email
Server, which can be exploited by malicious people to conduct
cross-site scripting attacks and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18551/


UNIX/Linux:--

[SA18584] Avaya S87XX/S8500/S8300 Lynx "HTrjis()" NNTP Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-01-25

Avaya has acknowledged a vulnerability in Avaya S87XX/S8500/S8300,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/18584/

 --

[SA18583] Fedora update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-23

Fedora has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18583/

 --

[SA18570] Gentoo update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-23

Gentoo has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18570/

 --

[SA18568] Debian update for libapache-auth-ldap

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-01-23

Debian has issued an update for libapache-auth-ldap. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18568/

 --

[SA18561] Debian update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-23

Debian has issued an update for kdelibs. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18561/

 --

[SA18559] SUSE update for kdelibs3

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-23

SUSE has issued an update for kdelibs3. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18559/

 --

[SA18552] Ubuntu update for kdelibs4c2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-20

Ubuntu has issued an update for kdelibs4c2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18552/

 --

[SA18616] Mandriva update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-26

Mandriva has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18616/

 --

[SA18612] Debian update for mailman

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-26

Debian has issued an update for mailman. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18612/

 --

[SA18609] FreeBSD "pf" IP Fragment Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-25

A vulnerability has been reported in FreeBSD, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18609/

 --

[SA18607] Ubuntu update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-25

Ubuntu has issued an update for imagemagick. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18607/

 --

[SA18585] Fedora update for httpd

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2006-01-23

Fedora has issued an update for httpd. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18585/

 --

[SA18582] Debian update for cupsys

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-23

Debian has issued an update for cupsys. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18582/

 --

[SA18578] Debian update for wine

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-01-25

Debian has issued an update for wine. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/18578/

 --

[SA18571] Fetchmail Bounced Message Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-23

A vulnerability has been reported in Fetchmail, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18571/

 --

[SA18569] Avaya PDS HP-UX ftpd Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-01-24

Avaya has acknowledged a vulnerability in Predictive Dialing System
(PDS), which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/18569/

 --

[SA18555] Debian update for trac

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-01-23

Debian has issued an update for trac. This fixes two vulnerabilities,
which can be exploited by malicious people to conduct script insertion
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18555/

 --

[SA18554] SGI Advanced Linux Environment Multiple Updates

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-01-20

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities, which can be exploited by malicious users to
compromise a vulnerable system, and by malicious people to cause a DoS
(Denial of Service) and potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18554/

 --

[SA18606] Debian update for flyspray

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-25

Debian has issued an update for flyspray. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18606/

 --

[SA18594] WeBWorK Arbitrary Command Execution Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-01-25

A vulnerability has been reported in WeBWorK, which can be exploited by
malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18594/

 --

[SA18562] Red Hat update for kernel

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS
Released:    2006-01-20

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious people or local
users to cause a DoS (Denial of Service), and by malicious people to
disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/18562/

 --

[SA18600] HP-UX Unspecified Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-25

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18600/

 --

[SA18599] FreeBSD Kernel Memory Disclosure Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-01-25

Two vulnerabilities have been reported in FreeBSD, which can be
exploited to malicious, local users to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/18599/

 --

[SA18596] Avaya PDS HP-UX Unspecified Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-26

Avaya has acknowledged a vulnerability in Predictive Dialing System
(PDS), which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18596/

 --

[SA18586] LibAST Configuration Filename Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-25

Johnny Mast has reported a vulnerability in LibAST, which potentially
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18586/

 --

[SA18580] Sun Grid Engine rsh Client Privilege Escalation
Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-24

A vulnerability has been reported in Sun Grid Engine (SGE), which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18580/

 --

[SA18564] LSH lshd Seed-file File Descriptor Leak Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, DoS
Released:    2006-01-23

A vulnerability has been reported in LSH, which can be exploited by
malicious, local users to gain knowledge of potentially sensitive
information or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18564/

 --

[SA18558] Debian update for sudo

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-20

Debian has issued an update for sudo. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18558/

 --

[SA18587] LibTIFF TIFFVSetField Denial of Service Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-01-23

Herve Drolon has reported a vulnerability in LibTIFF, which can be
exploited by malicious people to crash certain applications on a user's
system.

Full Advisory:
http://secunia.com/advisories/18587/

 --

[SA18595] Fedora update for openssh

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-24

Fedora has issued an update for openssh. This fixes a weakness, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18595/

 --

[SA18579] OpenSSH scp Command Line Shell Command Injection

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-24

Josh Bressers has reported a weakness in OpenSSH, which potentially can
be exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18579/

 --

[SA18573] Debian update for crawl

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-01-23

Debian has issued an update for crawl. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18573/


Other:


Cross Platform:--

[SA18605] Text Rider Exposure of User Credentials

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-01-25

Aliaksandr Hartsuyeu has discovered a security issue in Text Rider,
which can be exploited by malicious people to disclose sensitive
information and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18605/

 --

[SA18560] WebspotBlogging "username" SQL Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2006-01-20

Aliaksandr Hartsuyeu has discovered a vulnerability in WebspotBlogging,
which can be exploited by malicious people to conduct SQL injection
attacks and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18560/

 --

[SA18556] Etomite "cij" Shell Command Execution Backdoor Security
Issue

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-01-20

Luca Ercoli has reported a security issue in Etomite, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18556/

 --

[SA18608] HP Oracle for Openview Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Manipulation of data, Exposure of system
information, Exposure of sensitive information
Released:    2006-01-25

HP has acknowledged some vulnerabilities and security issues in HP OfO
(Oracle for Openview), which can be exploited with unknown impact, to
gain knowledge of certain information, overwrite arbitrary files, and
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18608/

 --

[SA18604] miniBloggie "user" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-01-25

Aliaksandr Hartsuyeu has discovered a vulnerability in miniBloggie,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/18604/

 --

[SA18601] Reamday Enterprises Magic News Password Change Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-01-25

cijfer has discovered a vulnerability in Reamday Enterprises Magic
News, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/18601/

 --

[SA18597] Phpclanwebsite SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-26

matrix_killer has discovered two vulnerabilities in Phpclanwebsite,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/18597/

 --

[SA18593] BEA WebLogic Portal Information Disclosure and Security
Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information
Released:    2006-01-24

Two security issues and a vulnerability have been reported in WebLogic
Portal, which potentially can be exploited by malicious people to
disclose sensitive information and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18593/

 --

[SA18592] BEA WebLogic Server/Express Vulnerabilities and Security
Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS
Released:    2006-01-24

Multiple vulnerabilities and security issues have been reported in
WebLogic Server and WebLogic Express, where the most critical ones
potentially can be exploited by malicious people to cause a DoS (Denial
of Service), disclose sensitive information, and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18592/

 --

[SA18575] ADOdb PostgreSQL SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-24

Andy Staudacher has reported a vulnerability in ADOdb, which
potentially can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18575/

 --

[SA18572] Pixelpost Comment Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-24

Aliaksandr Hartsuyeu has discovered a vulnerability in Pixelpost, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/18572/

 --

[SA18567] e-moBLOG SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-23

Aliaksandr Hartsuyeu has discovered some vulnerabilities in e-moBLOG,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/18567/

 --

[SA18563] Zoph SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-01-23

Some vulnerabilities have been reported in Zoph, which potentially can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18563/

 --

[SA18557] Gallery Fullname Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-20

A vulnerability has been reported in Gallery, which potentially can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18557/

 --

[SA18591] CA Products iGateway Service Content-Length Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-01-24

Erika Mendoza has reported a vulnerability in various CA products,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/18591/

 --

[SA18603] MyBB User Control Panel Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2006-01-25

Roozbeh Afrasiabi has discovered a vulnerability in MyBB, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/18603/

 --

[SA18588] Claroline Single Sign-On System Predictable Cookie

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Security Bypass
Released:    2006-01-25

karmaguedon has reported a vulnerability in Claroline, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/18588/

 --

[SA18581] BEA WebLogic Server/Express Multiple Domains Administrator
Access

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-01-24

A security issue has been reported in WebLogic Server and WebLogic
Express, which can be exploited by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/18581/

 --

[SA18576] Tor Hidden Service Disclosure Weakness

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-01-23

Lasse Overlier and Paul Syverson have reported a weakness in Tor, which
can be exploited by malicious people to disclose certain sensitive
information.

Full Advisory:
http://secunia.com/advisories/18576/

 --

[SA18566] Note-A-Day Weblog Exposure of User Credentials

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-01-23

Aliaksandr Hartsuyeu has discovered a security issue in Note-A-Day
Weblog, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/18566/

 --

[SA18565] AZ Bulletin Board Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-01-23

Roozbeh Afrasiabi has reported two vulnerabilities in AZ Bulletin
Board, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/18565/

 --

[SA18577] MyBB Disclosure of Table Prefix Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-01-23

imei has discovered a weakness in MyBB, which can be exploited by
malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/18577/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Fri Jan 27 2006 - 02:37:36 PST