========================================================================
The Secunia Weekly Advisory Summary
2006-02-23 - 2006-03-02
This week : 66 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.
Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.
Secunia Online Vulnerability Database:
http://secunia.com/
========================================================================
2) This Week in Brief:
Peter Vreugdenhil has reported a vulnerability in Macromedia ShockWave
Player, which can be exploited by malicious people to compromise a
user's system.
For additional details please refer to the referenced Secunia advisory
below.
Reference:
http://secunia.com/SA19009
VIRUS ALERTS:
Secunia has not issued any virus alerts during the week.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA18963] Mac OS X File Association Meta Data Shell Script
Execution
2. [SA19009] Macromedia ShockWave Player ActiveX Installer Buffer
Overflow
3. [SA16280] IBM Lotus Notes Multiple Vulnerabilities
4. [SA19013] WinACE RAR and TAR Directory Traversal Vulnerability
5. [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
6. [SA18989] The Bat! Email Subject Header Buffer Overflow
Vulnerability
7. [SA19014] Website Generator PHP Code Injection Vulnerability
8. [SA19010] StuffIt / ZipMagic Directory Traversal Vulnerability
9. [SA18990] ArGoSoft Mail Server Pro Multiple Vulnerabilities
10. [SA19001] iCal "Calendar Text" Script Insertion Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA19009] Macromedia ShockWave Player ActiveX Installer Buffer
Overflow
[SA19067] Mail Transport System Professional Mail Relay Vulnerability
[SA19060] StoreBot 2002 Standard Edition "ShipMethod" Script Insertion
[SA19033] SPiD scan_lang_insert.php File Inclusion Vulnerability
[SA19024] Pentacle In-Out Board SQL Injection Vulnerabilities
[SA19019] StoreBot 2005 Professional Edition "Pwd" SQL Injection
[SA19001] iCal "Calendar Text" Script Insertion Vulnerability
[SA19043] bttlxeForum "err_txt" Cross-Site Scripting Vulnerability
[SA19025] Parodia "AG_ID" Cross-Site Scripting Vulnerability
[SA19013] WinACE RAR and TAR Directory Traversal Vulnerability
[SA19010] StuffIt / ZipMagic Directory Traversal Vulnerability
[SA19006] SpeedProject Products ZIP and JAR Directory Traversal
[SA19059] HP System Management Homepage Directory Traversal
[SA19077] M4 Project enigma-suite Default Account Password Weakness
[SA19057] Internet Explorer Iframe Folder Deletion Weakness
UNIX/Linux:
[SA19000] Mandriva update for metamail
[SA19071] Flex Unspecified Scanner Vulnerabilities
[SA19065] Debian update for gpdf
[SA19041] Sun Solaris update for Perl
[SA19036] iGENUS Webmail File Inclusion Vulnerability
[SA19030] Gentoo update for graphicsmagick
[SA19029] Debian update for bmv
[SA19021] Debian update for pdftohtml
[SA19016] Trustix update for sudo / tar
[SA19012] SUSE Updates for Multiple Packages
[SA19002] Zoo "fullpath()" File Name Handling Buffer Overflow
[SA18999] Ubuntu update for tar
[SA19046] NuFW TLS Socket Handling Denial of Service
[SA19038] SUSE update for kernel
[SA19035] Ubuntu update for postgresql
[SA19017] FreeBSD "nfsd" NFS Mount Request Denial of Service
[SA19015] Trustix update for postgresql
[SA19005] SUSE update for heimdal
[SA19042] Sun Solaris HSFS File System Privilege Escalation
Vulnerability
[SA19027] Gentoo update for noweb
Other:
[SA19069] Thomson SpeedTouch 500 Series Cross-Site Scripting
[SA19037] Compex NetPassage WPE54G Denial of Service Vulnerability
Cross Platform:
[SA19058] RunCMS phpRPC Library Arbitrary Code Execution Vulnerability
[SA19055] PeHePe Membership Management System Two Vulnerabilities
[SA19047] ShoutLIVE Multiple Vulnerabilities
[SA19028] phpRPC Library Arbitrary Code Execution Vulnerability
[SA19020] freeForum Multiple Vulnerabilities
[SA19068] N8cms Cross-Site Scripting and SQL Injection Vulnerabilities
[SA19062] d3jeeb Pro "catid" SQL Injection Vulnerabilities
[SA19061] MyBB "comma" Parameter SQL Injection Vulnerability
[SA19056] sendcard Unspecified SQL Injection Vulnerabilities
[SA19053] DirectContact Directory Traversal Vulnerability
[SA19048] LanSuite LanParty Intranet System "fid" SQL Injection
[SA19045] EKINboard Multiple Vulnerabilities
[SA19044] CrossFire "oldsocketmode" Denial of Service Vulnerability
[SA19023] PwsPHP "sondage" Module SQL Injection Vulnerability
[SA19008] PEAR Auth DB / LDAP Multiple Injection Vulnerabilities
[SA19007] Calcium "EventText" Script Insertion Vulnerability
[SA19004] Simple Machines Forum "X-Forwarded-For" Script Insertion
[SA19003] iUser Ecommerce Unspecified Vulnerabilities
[SA19070] TOPo "gTopNombre" Parameter Cross-Site Scripting
Vulnerability
[SA19066] CGI Calendar Cross-Site Scripting Vulnerabilities
[SA19052] MyPHPNuke Cross-Site Scripting Vulnerabilities
[SA19050] WordPress Cross-Site Scripting Vulnerabilities
[SA19039] PunBB "header.php" Cross-Site Scripting Vulnerability
[SA19031] JFacets "ProfileID" Profile Change Vulnerability
[SA19026] 4images "template" Parameter File Inclusion Vulnerability
[SA19014] Website Generator PHP Code Injection Vulnerability
[SA19011] PEAR Archive_Tar Directory Traversal Vulnerability
[SA19034] MySQL Query Logging Bypass Security Issue
[SA19018] Issue Dealer Unpublished Content Disclosure Weakness
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA19009] Macromedia ShockWave Player ActiveX Installer Buffer
Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-02-24
Peter Vreugdenhil has reported a vulnerability in Macromedia ShockWave
Player, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/19009/
--
[SA19067] Mail Transport System Professional Mail Relay Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-01
A vulnerability has been reported in Mail Transport System (MTS)
Professional, which can be exploited by malicious people to use it as
an open mail relay.
Full Advisory:
http://secunia.com/advisories/19067/
--
[SA19060] StoreBot 2002 Standard Edition "ShipMethod" Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-01
KeyShore and Yog have reported a vulnerability in StoreBot 2002
Standard Edition, which can be exploited by malicious people to conduct
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/19060/
--
[SA19033] SPiD scan_lang_insert.php File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-02-28
Nemesis Security Audit Group has discovered a vulnerability in SPiD,
which can be exploited by malicious people to disclose potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/19033/
--
[SA19024] Pentacle In-Out Board SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-02-27
Mustafa Can Bjorn has discovered two vulnerability in Pentacle In-Out
Board, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/19024/
--
[SA19019] StoreBot 2005 Professional Edition "Pwd" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2006-03-01
KeyShore and Yog have reported a vulnerability in StoreBot 2005
Professional Edition, which can be exploited by malicious people to
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/19019/
--
[SA19001] iCal "Calendar Text" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-02-24
KeyShore and Yog have discovered a vulnerability in iCal, which can be
exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/19001/
--
[SA19043] bttlxeForum "err_txt" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-01
runvirus has reported a vulnerability in bttlxeForum, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19043/
--
[SA19025] Parodia "AG_ID" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
Released: 2006-02-28
KeyShore and Yog have reported a vulnerability in Parodia, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19025/
--
[SA19013] WinACE RAR and TAR Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2006-02-24
Hamid Ebadi has discovered a vulnerability in WinACE, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/19013/
--
[SA19010] StuffIt / ZipMagic Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2006-02-24
Hamid Ebadi has reported a vulnerability in StuffIt and ZipMagic, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/19010/
--
[SA19006] SpeedProject Products ZIP and JAR Directory Traversal
Critical: Less critical
Where: From remote
Impact: System access
Released: 2006-02-24
Hamid Ebadi has reported a vulnerability in various SpeedProject
products, which potentially can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/19006/
--
[SA19059] HP System Management Homepage Directory Traversal
Critical: Less critical
Where: From local network
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2006-03-01
A vulnerability has been reported in HP System Management Homepage,
which can be exploited by malicious people to gain knowledge of
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/19059/
--
[SA19077] M4 Project enigma-suite Default Account Password Weakness
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-03-01
A weakness has been reported in M4 Project enigma-suite, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/19077/
--
[SA19057] Internet Explorer Iframe Folder Deletion Weakness
Critical: Not critical
Where: From remote
Impact: Manipulation of data
Released: 2006-02-28
cyber flash has discovered a weakness in Internet Explorer, which can
be exploited by malicious people to trick users into deleting local
folders.
Full Advisory:
http://secunia.com/advisories/19057/
UNIX/Linux:--
[SA19000] Mandriva update for metamail
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-02-23
Mandriva has issued an update for metamail. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/19000/
--
[SA19071] Flex Unspecified Scanner Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2006-03-01
Some vulnerabilities have been reported in Flex, which has an unknown
impact.
Full Advisory:
http://secunia.com/advisories/19071/
--
[SA19065] Debian update for gpdf
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2006-02-28
Full Advisory:
http://secunia.com/advisories/19065/
--
[SA19041] Sun Solaris update for Perl
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-01
Sun has issued an update for perl. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable Perl application.
Full Advisory:
http://secunia.com/advisories/19041/
--
[SA19036] iGENUS Webmail File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-02-27
rgod has reported a vulnerability in iGENUS Webmail, which can be
exploited by malicious people to disclose potentially sensitive
information.
Full Advisory:
http://secunia.com/advisories/19036/
--
[SA19030] Gentoo update for graphicsmagick
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-02-27
Gentoo has issued an update for graphicsmagick. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/19030/
--
[SA19029] Debian update for bmv
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-02-28
Debian has issued an update for bmv. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/19029/
--
[SA19021] Debian update for pdftohtml
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2006-02-28
Full Advisory:
http://secunia.com/advisories/19021/
--
[SA19016] Trustix update for sudo / tar
Critical: Moderately critical
Where: From remote
Impact: Privilege escalation, DoS, System access
Released: 2006-02-27
Trustix has issued updates for sudo and tar. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges, and malicious people to cause a DoS (Denial
of Service) or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/19016/
--
[SA19012] SUSE Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, DoS, System access
Released: 2006-02-27
SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and HTTP response splitting attacks, cause a DoS
(Denial of Service), and potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/19012/
--
[SA19002] Zoo "fullpath()" File Name Handling Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-02-24
Jean-Sébastien Guay-Leroux has discovered a vulnerability in zoo, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/19002/
--
[SA18999] Ubuntu update for tar
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-02-23
Ubuntu has issued an update for tar. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) and to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/18999/
--
[SA19046] NuFW TLS Socket Handling Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-02-28
A vulnerability has been reported in NuFW, which can be exploited by
malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/19046/
--
[SA19038] SUSE update for kernel
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, DoS
Released: 2006-02-28
SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of potentially sensitive information, bypass certain
security restrictions and cause a DoS (Denial of Service), and by
malicious people to cause a DoS.
Full Advisory:
http://secunia.com/advisories/19038/
--
[SA19035] Ubuntu update for postgresql
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-02-27
Ubuntu has issued an update for PostgreSQL. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/19035/
--
[SA19017] FreeBSD "nfsd" NFS Mount Request Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-02-27
Evgeny Legerov has reported a vulnerability in FreeBSD, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/19017/
--
[SA19015] Trustix update for postgresql
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2006-02-27
Trustix has issued an update for postgresql. This fixes two
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service) or gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/19015/
--
[SA19005] SUSE update for heimdal
Critical: Less critical
Where: From local network
Impact: Privilege escalation, DoS
Released: 2006-02-27
SUSE has issued an update for heimdal. This fixes multiple
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges or by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/19005/
--
[SA19042] Sun Solaris HSFS File System Privilege Escalation
Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation, DoS
Released: 2006-02-27
A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) or gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/19042/
--
[SA19027] Gentoo update for noweb
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-02-27
Gentoo has issued an update for noweb. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory:
http://secunia.com/advisories/19027/
Other:--
[SA19069] Thomson SpeedTouch 500 Series Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-02-28
Preben Nyløkken has reported a vulnerability in Thomson SpeedTouch 500
Series, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19069/
--
[SA19037] Compex NetPassage WPE54G Denial of Service Vulnerability
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-03-01
/dev/0id has reported a vulnerability Compex NetPassage WPE54G, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/19037/
Cross Platform:--
[SA19058] RunCMS phpRPC Library Arbitrary Code Execution Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-02-27
James Bercegay has reported a vulnerability in RunCMS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19058/
--
[SA19055] PeHePe Membership Management System Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2006-03-01
Yunus Emre Yilmaz has reported two vulnerabilities in PeHePe Membership
Management System, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19055/
--
[SA19047] ShoutLIVE Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2006-02-27
Aliaksandr Hartsuyeu has reported some vulnerabilities in ShoutLIVE,
which can be exploited by malicious people to conduct script insertion
attacks and to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19047/
--
[SA19028] phpRPC Library Arbitrary Code Execution Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-02-27
James Bercegay has reported a vulnerability in phpRPC, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19028/
--
[SA19020] freeForum Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2006-02-28
Aliaksandr Hartsuyeu has reported some vulnerabilities in freeForum,
which can be exploited by malicious people to conduct script insertion
attacks and to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19020/
--
[SA19068] N8cms Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-03-01
Liz0ziM has discovered some vulnerabilities in N8cms, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/19068/
--
[SA19062] d3jeeb Pro "catid" SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-02-28
SAUDI has reported two vulnerabilities in d3jeeb Pro, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/19062/
--
[SA19061] MyBB "comma" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-01
D3vil-0x1 has discovered a vulnerability in MyBB, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/19061/
--
[SA19056] sendcard Unspecified SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-01
Sumit Siddharth has reported some vulnerabilities in sendcard, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/19056/
--
[SA19053] DirectContact Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2006-02-28
Donato Ferrante has discovered a vulnerability in DirectContact, which
can be exploited by malicious people to gain knowledge of potentially
sensitive information.
Full Advisory:
http://secunia.com/advisories/19053/
--
[SA19048] LanSuite LanParty Intranet System "fid" SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-02-27
x128 has discovered a vulnerability in LanSuite LanParty Intranet
System, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/19048/
--
[SA19045] EKINboard Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2006-02-28
Aliaksandr Hartsuyeu has reported some vulnerabilities in EKINboard,
which can be exploited by malicious people to conduct SQL injection and
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/19045/
--
[SA19044] CrossFire "oldsocketmode" Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-02-28
Luigi Auriemma has reported a vulnerability in CrossFire, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/19044/
--
[SA19023] PwsPHP "sondage" Module SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Released: 2006-02-27
papipsycho has reported a vulnerability in PwsPHP, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/19023/
--
[SA19008] PEAR Auth DB / LDAP Multiple Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2006-02-23
Matt Van Gundy has reported some vulnerabilities in PEAR Auth, which
can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/19008/
--
[SA19007] Calcium "EventText" Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-02-24
KeyShore and KeyYog have discovered a vulnerability in Calcium, which
can be exploited by malicious people to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/19007/
--
[SA19004] Simple Machines Forum "X-Forwarded-For" Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-02-24
Aliaksandr Hartsuyeu has reported a vulnerability in Simple Machines
Forum, which can be exploited by malicious people to conduct script
insertion attacks.
Full Advisory:
http://secunia.com/advisories/19004/
--
[SA19003] iUser Ecommerce Unspecified Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown
Released: 2006-02-23
Some vulnerabilities with unknown impacts have been reported in iUser
Ecommerce.
Full Advisory:
http://secunia.com/advisories/19003/
--
[SA19070] TOPo "gTopNombre" Parameter Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-01
Yunus Emre Yilmaz has discovered a vulnerability in TOPo, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19070/
--
[SA19066] CGI Calendar Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-02-28
Revnic Vasile has discovered some vulnerabilities in CGI Calendar,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/19066/
--
[SA19052] MyPHPNuke Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-02-27
Mustafa Can Bjorn has reported some vulnerabilities in MyPHPNuke, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/19052/
--
[SA19050] WordPress Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Exposure of system information
Released: 2006-03-01
K4P0 has discovered two vulnerabilities in WordPress, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19050/
--
[SA19039] PunBB "header.php" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-01
A vulnerability has been reported in PunBB, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19039/
--
[SA19031] JFacets "ProfileID" Profile Change Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-02-28
A vulnerability has been reported in JFacets, which can be exploited by
malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/19031/
--
[SA19026] 4images "template" Parameter File Inclusion Vulnerability
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-02-27
rgod has reported a vulnerability in 4images, which can be exploited by
malicious people to disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/19026/
--
[SA19014] Website Generator PHP Code Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-02-24
Nemesis Security Audit Group has discovered a vulnerability in Website
Generator, which can be exploited by malicious users to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/19014/
--
[SA19011] PEAR Archive_Tar Directory Traversal Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
Released: 2006-02-24
Hamid Ebadi has discovered a vulnerability in PEAR Archive_Tar, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/19011/
--
[SA19034] MySQL Query Logging Bypass Security Issue
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-02-27
1dt.w0lf has discovered a security issue in MySQL, which can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/19034/
--
[SA19018] Issue Dealer Unpublished Content Disclosure Weakness
Critical: Not critical
Where: From remote
Impact: Security Bypass
Released: 2006-02-28
A weakness has been reported in Issue Dealer, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/19018/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
_________________________________
InfoSec News v2.0 - Coming Soon!
http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Fri Mar 03 2006 - 02:52:39 PST