[ISN] Secunia Weekly Summary - Issue: 2006-7

From: InfoSec News (isn@private)
Date: Fri Feb 17 2006 - 00:16:01 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-02-09 - 2006-02-16                        

                      This week : 110 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spend hours every day to ensure you have the best
and most reliable source of vulnerability information. Every single
vulnerability report is validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Microsoft has released 7 security bulletins as part of their monthly
patch release cycle.

All users are advised to visit Windows Update and apply available
patches. For additional details about the issues corrected, please
refer to the referenced Secunia advisories below.

References:
http://secunia.com/SA18865
http://secunia.com/SA18859
http://secunia.com/SA18857
http://secunia.com/SA18853
http://secunia.com/SA18852
http://secunia.com/SA18835
http://secunia.com/SA18729

--

Secunia Research has discovered multiple vulnerabilities in Lotus
Notes, which can be exploited by malicious people to bypass certain
security restrictions or compromise a user's system.

Secunia Research has also reported multiple vulnerabilities in Lotus
Domino and iNotes Client, which can be exploited by malicious people
to cause a DoS (Denial of Service) or conduct script insertion
attacks.

Please refer to the referenced Secunia advisories below for details.

References:
http://secunia.com/SA16340
http://secunia.com/SA16280


VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA16280] IBM Lotus Notes Multiple Vulnerabilities
2.  [SA18760] Sun Java JRE "reflection" APIs Sandbox Security Bypass
              Vulnerabilities
3.  [SA16340] IBM Lotus Domino Multiple Vulnerabilities
4.  [SA18700] Firefox Multiple Vulnerabilities
5.  [SA18649] Winamp Three Playlist Parsing Buffer Overflow
              Vulnerabilities
6.  [SA18835] Windows Media Player Bitmap File Processing
              Vulnerability
7.  [SA15546] Microsoft Internet Explorer "window()" Arbitrary Code
              Execution Vulnerability
8.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
9.  [SA18787] Internet Explorer Drag-and-Drop Vulnerability
10. [SA18789] HP Systems Insight Manager JBoss and Directory Traversal

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA18912] Avaya Products WMF Image Parsing Vulnerability
[SA18852] Windows Media Player Plug-in EMBED Element Buffer Overflow
[SA18835] Windows Media Player Bitmap File Processing Vulnerability
[SA18872] eStara SoftPhone SIP Packet Handling Denial of Service
[SA18828] SSH Tectia Server SFTP Service Unspecified Vulnerability
[SA18789] HP Systems Insight Manager JBoss and Directory Traversal
[SA18859] Microsoft Windows / Office Korean Input Method Editor
Vulnerability
[SA18865] Microsoft PowerPoint Temporary Internet Files Information
Disclosure
[SA18787] Internet Explorer Drag-and-Drop Vulnerability
[SA18888] MailSite LDAP Service Denial of Service Vulnerability
[SA18853] Microsoft Windows IGMP Denial of Service Vulnerability
[SA18857] Microsoft Windows Web Client Service Vulnerability
[SA18813] iE Integrator Configuration Information Disclosure Weakness

UNIX/Linux:
[SA18884] Gentoo update for sun-jdk/sun-jre-bin
[SA18796] Metamail Mail Boundary Handling Buffer Overflow
[SA18911] Avaya Products Ethereal Vulnerabilities
[SA18887] Debian update for otrs
[SA18882] Debian update for pdfkit.framework
[SA18875] Debian update for gpdf
[SA18871] Red Hat update for imagemagick
[SA18870] Dovecot "imap/pop3-login" Denial of Service Vulnerability
[SA18864] Red Hat update for xpdf
[SA18863] Red Hat update for libpng
[SA18862] Red Hat update for kdegraphics
[SA18861] Ubuntu update for kernel
[SA18860] Ubuntu update for xpdf/poppler/kdegraphics
[SA18851] Gentoo update for imagemagick
[SA18839] Fedora update for poppler
[SA18838] Fedora update for xpdf
[SA18837] Fedora update for kdegraphics
[SA18834] Debian update for xpdf
[SA18832] Red Hat update for gnutls
[SA18830] Mandriva update for gnutls
[SA18826] Gentoo update for kdegraphics/kpdf
[SA18825] Gentoo update for xpdf/poppler
[SA18821] XMB Forums today.php Cookie Data SQL Injection
[SA18815] Fedora update for gnutls
[SA18799] VHCS Security Issue and Multiple Vulnerabilities
[SA18794] GnuTLS libtasn1 DER Decoding Denial of Service
Vulnerabilities
[SA18788] SUSE update for kernel
[SA18785] NeoMail neomail-prefs.pl Missing Session ID Validation
[SA18784] Trustix update for kernel
[SA18889] Debian update for nfs-user-server
[SA18818] Isode M-Vault Server LDAP Vulnerability
[SA18845] GnuPG "gpgv" Signature Verification Security Issue
[SA18841] Power Daemon WHATIDO syslog Format String Vulnerability
[SA18827] Debian update for kronolith
[SA18916] Debian update for libast
[SA18891] Sun Solaris "in.rexecd" Privilege Escalation Vulnerability
[SA18829] Debian update for scponly
[SA18812] Debian update for noweb
[SA18811] SUSE ld Insecure RPATH Privilege Escalation
[SA18809] noweb Insecure Temporary File Creation Vulnerabilities
[SA18806] Ubuntu update for heimdal
[SA18867] Honeyd IP Reassembly Remote Detection Weakness
[SA18824] Kadu Image Send Request Denial of Service
[SA18797] CGIWrap Error Message System Information Disclosure
[SA18907] Mac OS X Kernel Local Denial of Service Vulnerability
[SA18850] SUSE update for openssh
[SA18798] OpenBSD update for openssh
[SA18795] AIX Kernel Unspecified Local Denial of Service Vulnerability

Other:
[SA18836] Avaya CSU/VSU ISAKMP IKE Message Processing Vulnerabilities
[SA18833] D-Link Wireless Access Point Denial of Service Vulnerability
[SA18904] Cisco Products TACACS+ Authentication Bypass
[SA18844] FortiGate URL Filter and Virus Scanning Bypass
Vulnerabilities

Cross Platform:
[SA18883] Plume CMS prepend.php File Inclusion Vulnerability
[SA18879] dotProject File Inclusion and Information Disclosure
Vulnerabilities
[SA18878] Magic News Lite File Inclusion and Profile Update
Vulnerabilities
[SA18847] Flyspray Installation Script "adodbpath" File Inclusion
Vulnerability
[SA18808] LinPHA "lang" Local File Inclusion Vulnerability
[SA18807] HiveMail Multiple Vulnerabilities
[SA18803] DocMGR process.php File Inclusion Vulnerability
[SA18800] Runcms File Upload and File Inclusion Vulnerabilities
[SA18905] HTML::BBCode Script Insertion Vulnerability
[SA18885] webSPELL "search.php" SQL Injection Vulnerability
[SA18881] PHP Classifieds "member_login.php" SQL Injection
[SA18880] SAP Business Connector Arbitrary File Access and Spoofing
[SA18877] Magic Downloads Settings Update Authentication Bypass
[SA18876] Teca Diary Personal Edition SQL Injection Vulnerability
[SA18874] @Mail Webmail Image Tag Script Insertion Vulnerability
[SA18873] Clever Copy Private Message "Subject" Script Insertion
Vulnerability
[SA18869] Lighttpd Case-Insensitive Filename Source Code Disclosure
[SA18868] Squishdot Mail Header Injection Vulnerability
[SA18858] PyBlosxom Arbitrary File Disclosure Vulnerability
[SA18856] CALimba rb_auth.php SQL Injection Vulnerability
[SA18855] Magic Calendar Lite SQL Injection Vulnerability
[SA18854] Time Tracking Software Multiple Vulnerabilities
[SA18849] Gästebuch Homepage URL Script Insertion Vulnerability
[SA18843] WRQ Reflection Secure IT SFTP Format String Vulnerability
[SA18840] Invision Power Board Army System Mod SQL Injection
[SA18831] RunCMS pmlite.php SQL Injection Vulnerability
[SA18823] SmE GB Host Username SQL Injection Vulnerability
[SA18822] PHP/MYSQL Timesheet SQL Injection Vulnerabilities
[SA18819] WebGUI User Account Creation Vulnerability
[SA18817] Hitachi Business Logic Cross-Site Scripting and SQL
Injection
[SA18816] e107 Unspecified BBCode Script Insertion Vulnerabilities
[SA18810] Ansilove File Disclosure and File Upload Vulnerabilities
[SA18805] DB_eSession "deleteSession()" Function SQL Injection
[SA18802] ImageVue Multiple Vulnerabilities
[SA18801] Zen Cart Unspecified SQL Injection Vulnerabilities
[SA18793] phphd Multiple Vulnerabilities
[SA18791] PHPStatus Multiple Vulnerabilities
[SA18790] Clever Copy HTTP Headers Script Insertion Vulnerabilities
[SA18786] SmE GB Host / Blog Host "url" BBcode Script Insertion
[SA18897] MyBB managegroup.php SQL Injection and Cross-Site Scripting
[SA18820] PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability
[SA18814] QwikiWiki "search.php" Cross-Site Scripting Vulnerability
[SA18804] Siteframe "q" Cross-Site Scripting Vulnerability
[SA18792] PHP Event Calendar User Information Manipulation
[SA18890] PostgreSQL Privilege Escalation and Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA18912] Avaya Products WMF Image Parsing Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-02-16

Avaya has acknowledged a vulnerability in various products, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18912/

 --

[SA18852] Windows Media Player Plug-in EMBED Element Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-02-14

A vulnerability has been reported in Windows Media Player plug-in,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/18852/

 --

[SA18835] Windows Media Player Bitmap File Processing Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-02-14

eEye Digital Security has reported a vulnerability in Windows Media
Player, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/18835/

 --

[SA18872] eStara SoftPhone SIP Packet Handling Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-15

ZwelL has discovered some vulnerabilities in eStara SoftPhone, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18872/

 --

[SA18828] SSH Tectia Server SFTP Service Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-02-13

A vulnerability has been reported in SSH Tectia Server, which
potentially can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/18828/

 --

[SA18789] HP Systems Insight Manager JBoss and Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information
Released:    2006-02-10

HP has acknowledged a weakness and a vulnerability in HP Systems
Insight Manager, which can be exploited by malicious people to disclose
system information and potentially to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18789/

 --

[SA18859] Microsoft Windows / Office Korean Input Method Editor
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-02-14

Ryan Lee has reported a vulnerability in various Microsoft products,
which can be exploited by malicious people to gain escalated privileges
or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18859/

 --

[SA18865] Microsoft PowerPoint Temporary Internet Files Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-02-14

A vulnerability has been reported in Microsoft PowerPoint 2000, which
can be exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/18865/

 --

[SA18787] Internet Explorer Drag-and-Drop Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-02-14

Matthew Murphy has reported a vulnerability in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18787/

 --

[SA18888] MailSite LDAP Service Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-02-15

Evgeny Legerov has reported a vulnerability in MailSite, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18888/

 --

[SA18853] Microsoft Windows IGMP Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-02-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18853/

 --

[SA18857] Microsoft Windows Web Client Service Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18857/

 --

[SA18813] iE Integrator Configuration Information Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-02-14

D Scholefield has reported a weakness in iE Integrator, which can be
exploited by malicious people to disclose certain system information.

Full Advisory:
http://secunia.com/advisories/18813/


UNIX/Linux:--

[SA18884] Gentoo update for sun-jdk/sun-jre-bin

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-02-15

Gentoo has issued updates for sun-jdk and sun-jre-bin. These fix some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18884/

 --

[SA18796] Metamail Mail Boundary Handling Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-14

Ulf Harnhammar has reported a vulnerability in Metamail, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/18796/

 --

[SA18911] Avaya Products Ethereal Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-16

Avaya has acknowledged some vulnerabilities in ethereal included in
various Avaya products, which can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/18911/

 --

[SA18887] Debian update for otrs

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Cross Site Scripting
Released:    2006-02-15

Debian has issued an update for otrs. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct SQL injection,
script insertion, and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18887/

 --

[SA18882] Debian update for pdfkit.framework

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-15

Debian has issued an update for pdfkit.framework. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18882/

 --

[SA18875] Debian update for gpdf

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-15

Debian has issued an update for gpdf. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18875/

 --

[SA18871] Red Hat update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-02-15

Red Hat has issued an update for imagemagick. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18871/

 --

[SA18870] Dovecot "imap/pop3-login" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-15

A vulnerability has been reported in Dovecot, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18870/

 --

[SA18864] Red Hat update for xpdf

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-14

Red Hat has issued an update for xpdf. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18864/

 --

[SA18863] Red Hat update for libpng

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-14

Red Hat has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) against applications using libpng or potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/18863/

 --

[SA18862] Red Hat update for kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2006-02-14

Red Hat has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18862/

 --

[SA18861] Ubuntu update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-15

Ubuntu has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/18861/

 --

[SA18860] Ubuntu update for xpdf/poppler/kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-15

Ubuntu has issued updates for xpdf, poppler, and kdegraphics. These fix
a vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18860/

 --

[SA18851] Gentoo update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-02-14

Gentoo has issued an update for imagemagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18851/

 --

[SA18839] Fedora update for poppler

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-13

Fedora has issued an update for poppler. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18839/

 --

[SA18838] Fedora update for xpdf

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-13

Fedora has issued an update for xpdf. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18838/

 --

[SA18837] Fedora update for kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-13

Fedora has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18837/

 --

[SA18834] Debian update for xpdf

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-14

Debian has issued an update for xpdf. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18834/

 --

[SA18832] Red Hat update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-13

Red Hat has issued an update for gnutls. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18832/

 --

[SA18830] Mandriva update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-14

Mandriva has issued an update for gnutls. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18830/

 --

[SA18826] Gentoo update for kdegraphics/kpdf

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-13

Gentoo has issued updates for kdegraphics and kpdf. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18826/

 --

[SA18825] Gentoo update for xpdf/poppler

Critical:    Moderately critical
Where:       From remote
Impact:      System access, DoS
Released:    2006-02-13

Gentoo has issued updates for xpdf and poppler. These fix a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/18825/

 --

[SA18821] XMB Forums today.php Cookie Data SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-13

James Bercegay has reported a vulnerability in XMB Forums, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18821/

 --

[SA18815] Fedora update for gnutls

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-13

Fedora has issued an update for gnutls. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18815/

 --

[SA18799] VHCS Security Issue and Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Privilege
escalation
Released:    2006-02-13

Román Medina-Heigl Hernández has reported some vulnerabilities in VHCS,
which can be exploited by malicious people to conduct script insertion
attacks, and by malicious users to bypass certain security restrictions
and gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18799/

 --

[SA18794] GnuTLS libtasn1 DER Decoding Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-10

Evgeny Legerov has reported some vulnerabilities in GnuTLS libtasn1,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/18794/

 --

[SA18788] SUSE update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2006-02-10

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by local users to gain
knowledge of potentially sensitive information, bypass certain security
restrictions, and cause a DoS (Denial of Service), or by malicious
people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/18788/

 --

[SA18785] NeoMail neomail-prefs.pl Missing Session ID Validation

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-02-14

Secunia Research has discovered a vulnerability in NeoMail, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18785/

 --

[SA18784] Trustix update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-02-10

Trustix has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, and by malicious people to cause
a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18784/

 --

[SA18889] Debian update for nfs-user-server

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-02-15

Debian has issued an update for nfs-user-server. This fixes a
vulnerability, which can be exploited by malicious users to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18889/

 --

[SA18818] Isode M-Vault Server LDAP Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-02-14

Evgeny Legerov has reported a vulnerability in Isode M-Vault Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18818/

 --

[SA18845] GnuPG "gpgv" Signature Verification Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-02-15

A security issue has been reported in GnuPG, which potentially can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18845/

 --

[SA18841] Power Daemon WHATIDO syslog Format String Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-02-13

Gotfault Security has discovered a vulnerability in Power Daemon
(powerd), which can be exploited by malicious people to cause a DoS
(Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18841/
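
The bug class named in the title above, an untrusted string reaching the
format argument of a syslog()/printf-family call, as an added illustration.
It is constructed for this summary, is not Power Daemon's code, and says
nothing about where powerd's own defect sits. The helper writes into a caller
buffer instead of the system log so the result can be inspected; log_line,
log_unsafe, log_safe and count_conversions are names chosen here, and the
"50%% done" input is a constructed sample:

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for a daemon's logging helper. It hands its format to vsnprintf()
 * the way syslog(3) hands it to the format engine, but writes to a caller
 * buffer so the result can be inspected. */
static void log_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: text that arrived off the wire or from a config file is
 * the format string itself, so every '%' directive in it is interpreted:
 * %x/%s read the caller's stack, %n writes to it. */
void log_unsafe(char *out, size_t n, const char *untrusted)
{
    log_line(out, n, untrusted);        /* like syslog(LOG_INFO, untrusted) */
}

/* FIXED pattern: a literal format; the untrusted text is only ever an argument. */
void log_safe(char *out, size_t n, const char *untrusted)
{
    log_line(out, n, "%s", untrusted);  /* like syslog(LOG_INFO, "%s", untrusted) */
}

/* Review aid: how many conversion directives would this input trigger if it
 * were ever used as a format? "%%" is a literal percent and does not count. */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {              /* escaped percent: skip the pair */
            s++;
            continue;
        }
        count++;
    }
    return count;
}

int main(void)
{
    char out[64];
    const char *status = "50%% done";   /* constructed input: harmless, but already mangled */

    log_unsafe(out, sizeof out, status);
    printf("unsafe: %s\n", out);        /* 50% done  : the format engine consumed the %% */
    log_safe(out, sizeof out, status);
    printf("safe:   %s\n", out);        /* 50%% done : preserved byte for byte */
    printf("directives in \"%%x%%x%%n\": %d\n", count_conversions("%x%x%n"));
    return 0;
}
```

The unsafe variant already alters a harmless "%%" in the input; fed "%x" or
"%n" sequences it reads or writes the caller's stack, which is what turns a
logging glitch into DoS or code execution. The review check is mechanical:
every printf-family or syslog() call must carry a string literal in the
format position, and gcc's -Wformat-security flags the ones that do not.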

 --

[SA18827] Debian update for kronolith

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-14

Debian has issued an update for kronolith. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18827/

 --

[SA18916] Debian update for libast

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-16

Debian has issued an update for libast. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18916/

 --

[SA18891] Sun Solaris "in.rexecd" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-15

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18891/

 --

[SA18829] Debian update for scponly

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-13

Debian has issued an update for scponly. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18829/

 --

[SA18812] Debian update for noweb

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-13

Debian has issued an update for noweb. This fixes multiple
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions on a vulnerable system with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18812/

 --

[SA18811] SUSE ld Insecure RPATH Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-13

A vulnerability has been reported in SUSE Linux, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/18811/

 --

[SA18809] noweb Insecure Temporary File Creation Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-13

Javier Fernández-Sanguino Peña has reported multiple vulnerabilities in
noweb, which can be exploited by malicious, local users to perform
certain actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18809/
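
The class in the title above, insecure temporary file creation, as an added
illustration. It is constructed here, is not noweb's code, and makes no
claim about which noweb script carries the defect. The race is collapsed:
the attacker's symlink is planted before the victim opens the guessable
name, and both roles run as the same user, so the Linux fs.protected_symlinks
sysctl does not intervene as it might between different users in a sticky
/tmp. The function names and the noweb.<pid> naming pattern are chosen for
the demo; the scratch directory is created with mkdtemp under TMPDIR (or
/tmp) so nothing real is touched:

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { PLEN = 160 };   /* path buffer size for the demo */

/* Stage the race already lost: a private scratch dir, the victim's guessable
 * name, and the attacker's symlink planted at that name, pointing at a file
 * the attacker wants the victim to write. Returns 0 on success. */
static int plant_scenario(char *dir, char *link, char *target)
{
    const char *base = getenv("TMPDIR");
    if (!base)
        base = "/tmp";
    snprintf(dir, PLEN, "%s/tmpfile-demo.XXXXXX", base);
    if (!mkdtemp(dir))
        return -1;
    snprintf(link, PLEN, "%s/noweb.%ld", dir, (long)getpid());  /* guessable */
    snprintf(target, PLEN, "%s/file-attacker-chose", dir);
    if (symlink(target, link) != 0) {                              /* attacker's move */
        rmdir(dir);
        return -1;
    }
    return 0;
}

static void cleanup(const char *dir, const char *link, const char *target)
{
    unlink(target);
    unlink(link);
    rmdir(dir);
}

/* VULNERABLE pattern: guessable name + fopen("w"). fopen uses O_CREAT|O_TRUNC
 * without O_EXCL, so it follows the planted symlink and creates or truncates
 * the target with the victim's privileges. Returns 1 if the target appeared. */
int demo_predictable_name_hijacked(void)
{
    char dir[PLEN], link[PLEN], target[PLEN];
    struct stat st;
    int hijacked = 0;
    FILE *f;

    if (plant_scenario(dir, link, target) < 0)
        return -1;
    if ((f = fopen(link, "w")) != NULL) {
        fputs("scratch data\n", f);
        fclose(f);
        hijacked = (stat(target, &st) == 0);
    }
    cleanup(dir, link, target);
    return hijacked;
}

/* FIXED pattern (a): O_CREAT|O_EXCL refuses any pre-existing path, and POSIX
 * requires EEXIST for a symlink even when it dangles. Returns 1 if refused. */
int demo_excl_refuses_symlink(void)
{
    char dir[PLEN], link[PLEN], target[PLEN];
    int refused = 0, fd;

    if (plant_scenario(dir, link, target) < 0)
        return -1;
    fd = open(link, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0)
        refused = (errno == EEXIST);
    else
        close(fd);
    cleanup(dir, link, target);
    return refused;
}

/* FIXED pattern (b): mkstemp() picks an unguessable name and opens it with
 * O_CREAT|O_EXCL, mode 0600, in one step, so the planted link is never hit.
 * Returns 1 if the file was created readable by the owner only. */
int demo_mkstemp_private(void)
{
    char dir[PLEN], link[PLEN], target[PLEN], tmpl[PLEN];
    struct stat st;
    int ok = 0, fd;

    if (plant_scenario(dir, link, target) < 0)
        return -1;
    snprintf(tmpl, PLEN, "%s/noweb.XXXXXX", dir);
    if ((fd = mkstemp(tmpl)) >= 0) {
        ok = fstat(fd, &st) == 0 && (st.st_mode & (S_IRWXG | S_IRWXO)) == 0
             && strstr(tmpl, "XXXXXX") == NULL;
        close(fd);
        unlink(tmpl);
    }
    cleanup(dir, link, target);
    return ok;
}

int main(void)
{
    printf("guessable name hijacked via symlink: %d\n", demo_predictable_name_hijacked());
    printf("O_EXCL refused the planted symlink:  %d\n", demo_excl_refuses_symlink());
    printf("mkstemp created a private file:      %d\n", demo_mkstemp_private());
    return 0;
}
```

The fopen("w") path shows why "predictable name in a shared directory" is
the whole bug: the victim never learns that the entry at its chosen name is
a symlink, it simply writes through it with its own privileges. O_EXCL, or
mkstemp() which adds a random name on top, turns the attacker's pre-planted
entry into a hard failure instead of a hijacked write.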

 --

[SA18806] Ubuntu update for heimdal

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-13

Ubuntu has issued an update for heimdal. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/18806/

 --

[SA18867] Honeyd IP Reassembly Remote Detection Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-02-15

A weakness has been reported in Honeyd, which can be exploited by
malicious people to disclose certain system information.

Full Advisory:
http://secunia.com/advisories/18867/

 --

[SA18824] Kadu Image Send Request Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-02-15

Piotr Bania has reported a vulnerability in Kadu, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18824/

 --

[SA18797] CGIWrap Error Message System Information Disclosure

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-02-15

A weakness has been reported in CGIWrap, which can be exploited by
malicious people to disclose certain system information.

Full Advisory:
http://secunia.com/advisories/18797/

 --

[SA18907] Mac OS X Kernel Local Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-02-16

A vulnerability has been reported in Mac OS X, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18907/

 --

[SA18850] SUSE update for openssh

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-14

SUSE has issued an update for openssh. This fixes a weakness, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18850/

 --

[SA18798] OpenBSD update for openssh

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-02-13

OpenBSD has issued an update for openssh. This fixes a weakness, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/18798/

 --

[SA18795] AIX Kernel Unspecified Local Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-02-14

A vulnerability has been reported in AIX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18795/


Other:--

[SA18836] Avaya CSU/VSU ISAKMP IKE Message Processing Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-13

Avaya has acknowledged some vulnerabilities in Avaya CSU/VSU, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18836/

 --

[SA18833] D-Link Wireless Access Point Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-02-14

Aaron Portnoy and Keefe Johnson have reported a vulnerability in D-Link
Wireless Access Point, which potentially can be exploited by malicious
people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/18833/

 --

[SA18904] Cisco Products TACACS+ Authentication Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-02-16

A security issue has been reported in various Cisco products, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18904/

 --

[SA18844] FortiGate URL Filter and Virus Scanning Bypass
Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-02-13

Mathieu Dessus has reported two vulnerabilities in FortiGate, which can
be exploited by malicious people and users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18844/


Cross Platform:--

[SA18883] Plume CMS prepend.php File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-02-15

unitedbr has discovered a vulnerability in Plume CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18883/

 --

[SA18879] dotProject File Inclusion and Information Disclosure
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, System access
Released:    2006-02-15

Robin Verton has discovered some vulnerabilities in dotProject, which
can be exploited by malicious people to disclose certain system
information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18879/

 --

[SA18878] Magic News Lite File Inclusion and Profile Update
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-02-15

Aliaksandr Hartsuyeu has discovered some vulnerabilities in Magic News
Lite, which can be exploited by malicious people to bypass certain
security restrictions and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18878/

 --

[SA18847] Flyspray Installation Script "adodbpath" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-02-14

rgod has reported a vulnerability in Flyspray, which can be exploited
by malicious people to disclose potentially sensitive information and
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18847/

 --

[SA18808] LinPHA "lang" Local File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-02-13

rgod has discovered a vulnerability in LinPHA, which can be exploited
by malicious people to disclose sensitive information and potentially
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18808/
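
The LinPHA entry above, like the prepend.php, process.php and
"adodbpath" entries before it, is a file inclusion bug: a request
parameter is spliced into a path that the application then includes. The
following is an added example (not LinPHA's code) of the "lang" pattern,
written in Python so it runs offline; a real PHP application does
include($dir . $_GET['lang'] . '.php'), and the stand-in here simply
reads the chosen file. The directory layout, the file contents and the
allowlist of language codes are constructed for the demo.

```python
"""Language-file inclusion, vulnerable and hardened (added example, not
LinPHA's code). A throwaway directory tree stands in for the web root."""
import os
import tempfile


def setup_demo_tree():
    # Constructed layout: <root>/lang/en.php is legitimate, <root>/config.php
    # is the sensitive file one level above the language directory.
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "lang"))
    with open(os.path.join(root, "lang", "en.php"), "w") as fh:
        fh.write("<?php $greeting = 'Hello'; ?>")
    with open(os.path.join(root, "config.php"), "w") as fh:
        fh.write("<?php $db_pass = 's3cret'; ?>")
    return root


def include_lang_vulnerable(root, lang):
    # Mirrors include($lang_dir . $lang . '.php') with no validation:
    # "../config" walks out of lang/ and pulls in config.php.
    path = os.path.join(root, "lang", lang + ".php")
    with open(path) as fh:
        return fh.read()


ALLOWED_LANGS = frozenset({"en", "de", "fr"})  # assumed set of shipped languages


def include_lang_hardened(root, lang):
    # Two independent controls. First, only known language codes are accepted,
    # so "../config", "../../etc/passwd" or "http://evil/x" never reach the
    # filesystem. Second, the resolved path must stay inside the language
    # directory, which holds even if the allowlist is later edited badly.
    if lang not in ALLOWED_LANGS:
        raise ValueError("unknown language code")
    lang_dir = os.path.realpath(os.path.join(root, "lang"))
    path = os.path.realpath(os.path.join(lang_dir, lang + ".php"))
    if os.path.commonpath([lang_dir, path]) != lang_dir:
        raise ValueError("path escapes the language directory")
    with open(path) as fh:
        return fh.read()


def demo():
    """Return (secret_leaked_by_vulnerable, traversal_blocked, normal_still_works)."""
    root = setup_demo_tree()
    leaked = include_lang_vulnerable(root, "../config")
    try:
        include_lang_hardened(root, "../config")
        blocked = False
    except ValueError:
        blocked = True
    normal = include_lang_hardened(root, "en")
    return "s3cret" in leaked, blocked, "Hello" in normal
```

The allowlist is what actually closes the hole; the realpath containment
check is defence in depth. Note that the appended ".php" suffix is not a
control: in PHP releases of that era a NUL byte in the parameter could
truncate the path before the suffix, and with remote includes enabled an
http:// value fetches and executes attacker code, which is why the
Plume CMS, DocMGR, Flyspray and Runcms entries above are rated "Highly
critical" rather than information disclosure only.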

 --

[SA18807] HiveMail Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, System access
Released:    2006-02-13

James Bercegay has reported multiple vulnerabilities in HiveMail, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18807/

 --

[SA18803] DocMGR process.php File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-02-13

rgod has reported a vulnerability in DocMGR, which can be exploited by
malicious people to disclose potentially sensitive information and to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18803/

 --

[SA18800] Runcms File Upload and File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-02-10

rgod has reported some vulnerabilities in Runcms, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18800/

 --

[SA18905] HTML::BBCode Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-16

Aliaksandr Hartsuyeu has reported a vulnerability in HTML::BBCode,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/18905/

 --

[SA18885] webSPELL "search.php" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-15

x128 has discovered a vulnerability in webSPELL, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18885/

 --

[SA18881] PHP Classifieds "member_login.php" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-15

Audun Larsen has reported a vulnerability in PHP Classifieds, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18881/
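
Login forms are the SQL injection case with the most direct payoff, and
several entries in this section (PHP Classifieds above, webSPELL, CALimba,
Magic Calendar Lite, SmE GB Host, PHP/MYSQL Timesheet below) are of this
kind. The following is an added example, not PHP Classifieds' code: an
in-memory SQLite table constructed for the demo, a login check built by
string concatenation, and the same check with bound parameters. The table
and column names are assumptions.

```python
"""Login-query SQL injection, vulnerable and parameterized (added example,
not PHP Classifieds' code). Uses an in-memory SQLite database."""
import sqlite3


def make_db():
    # Constructed fixture. (Storing a cleartext password is itself wrong; it is
    # done here only to keep the query shape identical to the vulnerable app.)
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE members (username TEXT, password TEXT)")
    con.execute("INSERT INTO members VALUES ('admin', 'correct horse')")
    return con


def login_vulnerable(con, username, password):
    # User input becomes part of the SQL grammar. A quote closes the literal
    # and "--" comments out the password clause entirely.
    sql = (f"SELECT COUNT(*) FROM members WHERE username = '{username}' "
           f"AND password = '{password}'")
    return con.execute(sql).fetchone()[0] > 0


def login_parameterized(con, username, password):
    # Placeholders: the driver passes values out of band, so quotes and
    # comment markers are compared as data, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM members WHERE username = ? AND password = ?"
    return con.execute(sql, (username, password)).fetchone()[0] > 0


def demo():
    """Return the outcome of the same bypass attempt against both versions."""
    con = make_db()
    payload_user = "admin' -- "  # constructed attacker input
    return {
        "vuln_bypass": login_vulnerable(con, payload_user, "wrong"),
        "param_bypass": login_parameterized(con, payload_user, "wrong"),
        "param_legit": login_parameterized(con, "admin", "correct horse"),
    }
```

With the payload the concatenated query reads
SELECT COUNT(*) FROM members WHERE username = 'admin' -- ' AND password = 'wrong'
and the comment swallows the password check, so the vulnerable version
logs the attacker in as admin. The parameterized version looks for a user
literally named "admin' -- " and finds none, while a genuine login still
succeeds. Escaping functions such as addslashes() were the common 2006
workaround; bound parameters remove the problem instead of patching
around it.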

 --

[SA18880] SAP Business Connector Arbitrary File Access and Spoofing

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data
Released:    2006-02-15

Leandro Meiners has reported two vulnerabilities in SAP Business
Connector (BC), which can be exploited by malicious people to conduct
spoofing attacks or by malicious users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18880/

 --

[SA18877] Magic Downloads Settings Update Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-02-15

Aliaksandr Hartsuyeu has reported a vulnerability in Magic Downloads,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18877/

 --

[SA18876] Teca Diary Personal Edition SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-16

Aliaksandr Hartsuyeu has reported a vulnerability in Teca Diary
Personal Edition, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18876/

 --

[SA18874] @Mail Webmail Image Tag Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-16

Thomas Pollet has discovered a vulnerability in @Mail, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18874/

 --

[SA18873] Clever Copy Private Message "Subject" Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-16

Thomas Pollet has discovered a vulnerability in Clever Copy, which can
be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18873/

 --

[SA18869] Lighttpd Case-Insensitive Filename Source Code Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-02-15

A vulnerability has been reported in lighttpd, which can be exploited
by malicious people to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/18869/

 --

[SA18868] Squishdot Mail Header Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-02-15

A vulnerability has been reported in Squishdot, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18868/
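
Mail header injection, the class named in the Squishdot entry above,
comes from copying a form field straight into the header block of an
outgoing message. The following is an added example, not Squishdot's
code: it builds the raw message the way a naive script writing to a
sendmail pipe would, shows that a CRLF in the subject field turns the
remainder into an attacker-chosen Bcc header, and then shows the check
that closes it. The field values are constructed for the demo.

```python
"""Mail header injection through a form field (added example, not Squishdot's
code). Messages are assembled as raw strings, as a CGI script piping to
sendmail would, and parsed back to inspect which headers actually result."""
from email import message_from_string


def build_message_vulnerable(to_addr, subject, body):
    # Form data is dropped straight into the header block. A CRLF inside
    # `subject` terminates the Subject line; whatever follows is a new header.
    return f"To: {to_addr}\r\nSubject: {subject}\r\n\r\n{body}"


def build_message_hardened(to_addr, subject, body):
    # Any header-bound value must be a single line. Rejecting CR and LF is the
    # whole fix; folding or stripping them is also acceptable, silently
    # passing them through is not.
    for name, value in (("to", to_addr), ("subject", subject)):
        if "\r" in value or "\n" in value:
            raise ValueError(f"{name} field contains a line break")
    return f"To: {to_addr}\r\nSubject: {subject}\r\n\r\n{body}"


def header_names(raw):
    # Parse the assembled message and report the headers a MTA would honour.
    msg = message_from_string(raw)
    return [key.lower() for key in msg.keys()]


def demo():
    """Return (bcc_injected_by_vulnerable, payload_rejected_by_hardened)."""
    payload = "hello\r\nBcc: victim@example.net"  # constructed attacker input
    raw = build_message_vulnerable("owner@example.org", payload, "spam body")
    injected = "bcc" in header_names(raw)
    try:
        build_message_hardened("owner@example.org", payload, "spam body")
        rejected = False
    except ValueError:
        rejected = True
    return injected, rejected
```

The injected Bcc is the usual goal (turning a "contact the author" form
into an open spam relay), but the same break lets an attacker add a
second blank line and supply an entire replacement body. Any field that
ends up on a header line, including From, Reply-To and Cc, needs the same
single-line check.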

 --

[SA18858] PyBlosxom Arbitrary File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-02-14

A vulnerability has been reported in PyBlosxom, which potentially can
be exploited by malicious people to disclose certain sensitive
information.

Full Advisory:
http://secunia.com/advisories/18858/

 --

[SA18856] CALimba rb_auth.php SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-14

Aliaksandr Hartsuyeu has reported a vulnerability in CALimba, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18856/

 --

[SA18855] Magic Calendar Lite SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-14

Aliaksandr Hartsuyeu has reported a vulnerability in Magic Calendar
Lite, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18855/

 --

[SA18854] Time Tracking Software Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2006-02-14

Aliaksandr Hartsuyeu has reported some vulnerabilities in Time Tracking
Software, which can be exploited by malicious people to bypass certain
security restrictions, and to conduct SQL injection and script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/18854/

 --

[SA18849] Gästebuch Homepage URL Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-14

Micha Borrmann has reported a vulnerability in Gästebuch (gastbuch),
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/18849/

 --

[SA18843] WRQ Reflection Secure IT SFTP Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-02-14

A vulnerability has been reported in Reflection Secure IT, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18843/

 --

[SA18840] Invision Power Board Army System Mod SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-14

fRoGGz and Alex have reported a vulnerability in Invision Power Board
Army System Mod, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18840/

 --

[SA18831] RunCMS pmlite.php SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-14

Hamid Ebadi has discovered a vulnerability in RunCMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18831/

 --

[SA18823] SmE GB Host Username SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-13

Aliaksandr Hartsuyeu has reported a vulnerability in SmE GB Host, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18823/

 --

[SA18822] PHP/MYSQL Timesheet SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-13

Aliaksandr Hartsuyeu has reported some vulnerabilities in PHP/MYSQL
Timesheet, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/18822/

 --

[SA18819] WebGUI User Account Creation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-02-13

A vulnerability has been reported in WebGUI, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18819/

 --

[SA18817] Hitachi Business Logic Cross-Site Scripting and SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-02-13

Two vulnerabilities have been reported in Hitachi Business Logic, which
can be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18817/

 --

[SA18816] e107 Unspecified BBCode Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-13

Some vulnerabilities have been reported in e107, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18816/

 --

[SA18810] Ansilove File Disclosure and File Upload Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2006-02-13

Some vulnerabilities have been reported in Ansilove, which can be
exploited by malicious users to disclose certain sensitive information
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18810/

 --

[SA18805] DB_eSession "deleteSession()" Function SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-13

James Bercegay has reported a vulnerability in DB_eSession, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18805/

 --

[SA18802] ImageVue Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
System access
Released:    2006-02-14

zjieb has reported some vulnerabilities in ImageVue, which can be
exploited by malicious people to disclose certain system information and
conduct cross-site scripting attacks, and potentially by malicious users
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/18802/

 --

[SA18801] Zen Cart Unspecified SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-13

A vulnerability has been reported in Zen Cart, which potentially can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/18801/

 --

[SA18793] phphd Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2006-02-10

Aliaksandr Hartsuyeu has reported some vulnerabilities in phphd, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks, and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/18793/

 --

[SA18791] PHPStatus Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2006-02-10

Aliaksandr Hartsuyeu has reported some vulnerabilities in PHPStatus,
which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks, and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/18791/

 --

[SA18790] Clever Copy HTTP Headers Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-10

Aliaksandr Hartsuyeu has reported two vulnerabilities in Clever Copy,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/18790/

 --

[SA18786] SmE GB Host / Blog Host "url" BBcode Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-10

Aliaksandr Hartsuyeu has reported a vulnerability in SmE GB Host and
SmE Blog Host, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18786/
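
The "url" BBCode entry above, and the HTML::BBCode and e107 BBCode
script insertion entries earlier in this section, share one root cause:
a [url=...] tag whose target is pasted into an href attribute without
checking the URL scheme, so javascript: (and data:, vbscript:) links
execute in the reader's browser. The following is an added example, not
the code of any of those projects; the tag regex and the allowed scheme
list are assumptions.

```python
"""[url] BBCode rendering, vulnerable and hardened (added example, not
HTML::BBCode's, e107's or SmE GB Host's code)."""
import html
import re
from urllib.parse import urlsplit

# Assumed tag syntax: [url=target]link text[/url]
URL_TAG = re.compile(r"\[url=([^\]]+)\](.*?)\[/url\]", re.IGNORECASE | re.DOTALL)


def render_vulnerable(text):
    # Escapes the visible text but pastes the target into href untouched.
    return URL_TAG.sub(
        lambda m: f'<a href="{m.group(1)}">{html.escape(m.group(2))}</a>', text
    )


ALLOWED_SCHEMES = frozenset({"http", "https", "ftp", "mailto"})


def safe_href(url):
    """Return an attribute-safe href, or None if the scheme is not allowed."""
    # Drop whitespace and control characters before looking at the scheme:
    # browsers of the period ignored them inside "java\tscript:".
    cleaned = "".join(ch for ch in url if ch.isprintable() and not ch.isspace())
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return None
    return html.escape(cleaned, quote=True)


def render_hardened(text):
    def repl(m):
        href = safe_href(m.group(1))
        label = html.escape(m.group(2))
        if href is None:
            return label  # keep the text, drop the link
        return f'<a href="{href}">{label}</a>'

    return URL_TAG.sub(repl, text)
```

A scheme allowlist is the only robust check here; a denylist of
"javascript:" misses case variations, embedded tab or newline characters,
HTML entity encodings and the other script-capable schemes. Note that the
hardened renderer also rejects scheme-less relative targets, which is a
deliberate trade-off for a guestbook or forum where every posted link is
expected to be absolute.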

 --

[SA18897] MyBB managegroup.php SQL Injection and Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-02-16

imei addmimistrator has discovered vulnerabilities in MyBB, which can
be exploited by malicious users to conduct SQL injection attacks and by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18897/

 --

[SA18820] PHP-Nuke "pagetitle" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-13

Janek Vind "waraxe" has discovered a vulnerability in PHP-Nuke, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/18820/

 --

[SA18814] QwikiWiki "search.php" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-14

Citynova has discovered a vulnerability in QwikiWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18814/

 --

[SA18804] Siteframe "q" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-02-13

Kiki has reported a vulnerability in Siteframe, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/18804/

 --

[SA18792] PHP Event Calendar User Information Manipulation

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-02-10

Aliaksandr Hartsuyeu has discovered a vulnerability in PHP Event
Calendar, which can be exploited by malicious users to manipulate
certain information and conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/18792/

 --

[SA18890] PostgreSQL Privilege Escalation and Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2006-02-15

Two vulnerabilities have been reported in PostgreSQL, which can be
exploited by malicious users to cause a DoS (Denial of Service) or gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/18890/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org 



This archive was generated by hypermail 2.1.3 : Fri Feb 17 2006 - 00:32:13 PST