========================================================================

The Secunia Weekly Advisory Summary
2006-03-09 - 2006-03-16

This week : 56 advisories

========================================================================
Table of Contents:

1. Word From Secunia
2. This Week In Brief
3. This Week's Top Ten Most Read Advisories
4. Vulnerabilities Summary Listing
5. Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Again this week Apple has released a security update, which fixes
multiple vulnerabilities. However, the "Extremely Critical"
vulnerability released on the 21st of February 2006 remains only
partially fixed, due to the fact that it is still possible to trick
users into opening malicious shell scripts (masqueraded as a safe file
type) in ZIP archives.
You can test whether or not your system is affected by this
vulnerability here:
http://secunia.com/mac_os_x_command_execution_vulnerability_test/

For additional details about the other vulnerabilities fixed please
refer to SA19129, the first of the referenced Secunia advisories below.
Details about the partially fixed vulnerability may be found in SA18963.

References:
http://secunia.com/SA19129
http://secunia.com/SA18963

--

Microsoft has released 2 security bulletins as part of their monthly
patch release cycle.

All users are advised to visit Windows Update and apply available
patches.

For additional details about the issues corrected, please refer to the
referenced Secunia advisories below.

References:
http://secunia.com/SA19138
http://secunia.com/SA18756

--

Some vulnerabilities have been reported in Flash Player, which can be
exploited by malicious people to compromise a user's system.

See referenced Secunia advisory for a list of affected products as well
as links to updated versions.

Reference:
http://secunia.com/SA19218

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1. [SA19218] Flash Player Unspecified Code Execution Vulnerabilities
2. [SA19129] Mac OS X Security Update Fixes Multiple Vulnerabilities
3. [SA19138] Microsoft Office Multiple Code Execution Vulnerabilities
4. [SA19118] AVG Anti-Virus Updated Files Insecure File Permissions
5. [SA18963] Mac OS X File Association Meta Data Shell Script Execution
6. [SA19173] GnuPG Unsigned Data Injection Detection Vulnerability
7. [SA19175] Gallery "stepOrder[]" Local File Inclusion Vulnerability
8. [SA19189] Red Hat update for python
9. [SA19064] Mac OS X Security Update Fixes Multiple Vulnerabilities
10. [SA19150] Kerio MailServer IMAP LOGIN Denial of Service Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA19247] ASP Portal Cross-Site Scripting and SQL Injection Vulnerabilities
[SA19191] Hosting Controller "search" Forum SQL Injection
[SA19229] Adobe Document/Graphics Server File URI Resource Access
[SA19238] Avaya Modular Messaging Windows Privilege Escalation Security Issues
[SA19217] AntiVir PersonalEdition Update Report Privilege Escalation

UNIX/Linux:
[SA19237] CrossFire "SetUp()" Buffer Overflow Vulnerability
[SA19230] SGI Advanced Linux Environment Multiple Updates
[SA19226] Debian update for metamail
[SA19210] Debian update for bomberclone
[SA19199] Gentoo cube Buffer Overflow and Denial of Service
[SA19244] Fedora update for gnupg
[SA19241] Apache Log4net Denial of Service Vulnerability
[SA19236] Gentoo update for tar
[SA19234] Debian update for gnupg
[SA19232] Gentoo update for gnupg
[SA19228] Gentoo update for flex
[SA19227] Debian update for freeciv
[SA19203] Slackware update for gnupg
[SA19197] SUSE update for gpg
[SA19196] Trustix update for mailman
[SA19194] Debian update for crossfire
[SA19193] SCO OpenServer Updates for Multiple Packages
[SA19192] Debian update for ffmpeg
[SA19190] Red Hat update for kdegraphics
[SA19189] Red Hat update for python
[SA19240] Debian update for webcalendar
[SA19225] sa-exim "greylistclean.cron" File Deletion Vulnerability
[SA19221] glFTPd IP Address Check Bypass Vulnerability
[SA19211] CGI::Session Insecure Default Session File Permissions
[SA19205] Gentoo update for squirrelmail
[SA19187] Debian update for libcrypt-cbc-perl
[SA19239] Apache mod_python FileSession Handling Vulnerability
[SA19235] AIX "mklvcopy" Command Unspecified Vulnerability
[SA19220] Ubuntu update for kernel
[SA19200] Ubuntu Installer Log Files Exposure of User Credentials

Other:
[SA19233] Funkwerk X2300 ISAKMP IKE Message Processing Vulnerabilities

Cross Platform:
[SA19218] Flash Player Unspecified Code Execution Vulnerabilities
[SA19246] Horde "url" Disclosure of Sensitive Information Vulnerability
[SA19245] Drupal Multiple Vulnerabilities
[SA19224] @1 File Store Script Insertion and SQL Injection
[SA19222] GuppY "pg" Arbitrary File Overwrite Vulnerability
[SA19219] Vegas Forum "postid" SQL Injection Vulnerability
[SA19215] Jupiter Content Manager "image" BBcode Script Insertion
[SA19214] Zeroboard Multiple Script Insertion Vulnerabilities
[SA19209] DSPoll "pollid" SQL Injection Vulnerability
[SA19208] ENet Library Two Denial of Service Vulnerabilities
[SA19207] DSNewsletter "email" SQL Injection Vulnerability
[SA19206] DSCounter "X-Forwarded-For" SQL Injection Vulnerability
[SA19202] DSDownload Multiple SQL Injection Vulnerabilities
[SA19201] DSLogin Multiple SQL Injection Vulnerabilities
[SA19195] PHP SimpleNEWS "admin" Authentication Bypass
[SA19216] vCard Cross-Site Scripting Vulnerabilities
[SA19212] GGZ Gaming Zone XML Handling Denial of Service
[SA19204] WMNews Cross-Site Scripting Vulnerabilities
[SA19188] UnrealIRCd Server Link TKL Command Denial of Service
[SA19186] DokuWiki Mediamanager EXIF Data Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:

--

[SA19247] ASP Portal Cross-Site Scripting and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-03-15

CodeScan Labs have reported some vulnerabilities in ASP Portal, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/19247/

--

[SA19191] Hosting Controller "search" Forum SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-10

"nope" has discovered a vulnerability in Hosting Controller, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/19191/

--

[SA19229] Adobe Document/Graphics Server File URI Resource Access
Critical: Moderately critical
Where: From local network
Impact: Manipulation of data, Exposure of sensitive information, System access
Released: 2006-03-15

Secunia Research has discovered a vulnerability in Adobe Document
Server and Adobe Graphics Server, which can be exploited by malicious
people to gain knowledge of potentially sensitive information,
overwrite arbitrary files, or compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/19229/

--

[SA19238] Avaya Modular Messaging Windows Privilege Escalation Security Issues
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-03-15

Avaya has acknowledged some security issues in Avaya Modular Messaging,
which can be exploited by malicious, local users to gain escalated
privileges.
Full Advisory: http://secunia.com/advisories/19238/

--

[SA19217] AntiVir PersonalEdition Update Report Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-03-13

Ramon 'ports' Kukla has discovered a vulnerability in AntiVir
PersonalEdition Classic, which can be exploited by malicious, local
users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/19217/

UNIX/Linux:

--

[SA19237] CrossFire "SetUp()" Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-14

landser has discovered a vulnerability in CrossFire, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/19237/

--

[SA19230] SGI Advanced Linux Environment Multiple Updates
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2006-03-14

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities and a weakness, which can be exploited by
malicious people to cause a DoS (Denial of Service), conduct cross-site
scripting attacks, and potentially to compromise a user's system.
Full Advisory: http://secunia.com/advisories/19230/

--

[SA19226] Debian update for metamail
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-13

Debian has issued an update for metamail. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory: http://secunia.com/advisories/19226/

--

[SA19210] Debian update for bomberclone
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-14

Debian has issued an update for bomberclone. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/19210/

--

[SA19199] Gentoo cube Buffer Overflow and Denial of Service
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-13

Gentoo has acknowledged some vulnerabilities in cube, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/19199/

--

[SA19244] Fedora update for gnupg
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-14

Fedora has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory: http://secunia.com/advisories/19244/

--

[SA19241] Apache Log4net Denial of Service Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-03-14

Sebastian Krahmer has reported a vulnerability in Log4net, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/19241/

--

[SA19236] Gentoo update for tar
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-13

Gentoo has issued an update for tar. This fixes a vulnerability, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service) and to compromise a user's system.
Full Advisory: http://secunia.com/advisories/19236/

--

[SA19234] Debian update for gnupg
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-13

Debian has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory: http://secunia.com/advisories/19234/

--

[SA19232] Gentoo update for gnupg
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-13

Gentoo has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory: http://secunia.com/advisories/19232/

--

[SA19228] Gentoo update for flex
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-03-13

Gentoo has issued an update for flex.
This fixes a vulnerability, which potentially can be exploited by
malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/19228/

--

[SA19227] Debian update for freeciv
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-03-13

Debian has issued an update for freeciv. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory: http://secunia.com/advisories/19227/

--

[SA19203] Slackware update for gnupg
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-14

Slackware has issued an update for gnupg. This fixes a vulnerability
and a security issue, which can be exploited by malicious people to
bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/19203/

--

[SA19197] SUSE update for gpg
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-13

SUSE has issued an update for gpg. This fixes a vulnerability, which
can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory: http://secunia.com/advisories/19197/

--

[SA19196] Trustix update for mailman
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-03-10

Trustix has issued an update for mailman. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/19196/

--

[SA19194] Debian update for crossfire
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-03-15

Debian has issued an update for crossfire. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory: http://secunia.com/advisories/19194/

--

[SA19193] SCO OpenServer Updates for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-15

SCO has issued updates for multiple packages. These fix various
vulnerabilities, which can be exploited by malicious people to
potentially cause a DoS (Denial of Service) and to compromise a user's
system or vulnerable system.
Full Advisory: http://secunia.com/advisories/19193/

--

[SA19192] Debian update for ffmpeg
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-13

Debian has issued an update for ffmpeg. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially to compromise a user's system.
Full Advisory: http://secunia.com/advisories/19192/

--

[SA19190] Red Hat update for kdegraphics
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-10

Red Hat has issued an update for kdegraphics. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory: http://secunia.com/advisories/19190/

--

[SA19189] Red Hat update for python
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-03-10

Red Hat has issued an update for python. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory: http://secunia.com/advisories/19189/

--

[SA19240] Debian update for webcalendar
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-03-15

Debian has issued an update for webcalendar.
This fixes some vulnerabilities, which can be exploited by malicious
users to manipulate certain information and conduct SQL injection
attacks, and by malicious people to conduct HTTP response splitting
attacks.
Full Advisory: http://secunia.com/advisories/19240/

--

[SA19225] sa-exim "greylistclean.cron" File Deletion Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-13

Chris Morris has reported a vulnerability in sa-exim, which potentially
can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory: http://secunia.com/advisories/19225/

--

[SA19221] glFTPd IP Address Check Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-15

A vulnerability has been reported in glFTPd, which potentially can be
exploited by malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/19221/

--

[SA19211] CGI::Session Insecure Default Session File Permissions
Critical: Less critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-03-13

Joey Hess has reported some security issues in CGI::Session, which
potentially can be exploited by malicious, local users and by malicious
people to disclose certain sensitive information.
Full Advisory: http://secunia.com/advisories/19211/

--

[SA19205] Gentoo update for squirrelmail
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-03-13

Gentoo has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious users to
manipulate certain information and by malicious people to conduct
cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/19205/

--

[SA19187] Debian update for libcrypt-cbc-perl
Critical: Less critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-13

Debian has issued an update for libcrypt-cbc-perl.
This fixes a security issue, which can be exploited by malicious people
to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/19187/

--

[SA19239] Apache mod_python FileSession Handling Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-03-14

A vulnerability has been reported in mod_python, which can be exploited
by malicious, local users to gain escalated privileges.
Full Advisory: http://secunia.com/advisories/19239/

--

[SA19235] AIX "mklvcopy" Command Unspecified Vulnerability
Critical: Less critical
Where: Local system
Impact: Unknown
Released: 2006-03-15

A vulnerability has been reported in IBM AIX, which has an unknown
impact.
Full Advisory: http://secunia.com/advisories/19235/

--

[SA19220] Ubuntu update for kernel
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, DoS
Released: 2006-03-13

Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service) and gain knowledge of potentially
sensitive information.
Full Advisory: http://secunia.com/advisories/19220/

--

[SA19200] Ubuntu Installer Log Files Exposure of User Credentials
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
Released: 2006-03-13

Karl Øie has reported a security issue in Ubuntu, which can be
exploited by malicious, local users to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/19200/

Other:

--

[SA19233] Funkwerk X2300 ISAKMP IKE Message Processing Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Unknown, DoS
Released: 2006-03-15

Some vulnerabilities have been reported in Funkwerk X2300, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service), and with an unknown impact.
Full Advisory: http://secunia.com/advisories/19233/

Cross Platform:

--

[SA19218] Flash Player Unspecified Code Execution Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-03-15

Some vulnerabilities have been reported in Flash Player, which can be
exploited by malicious people to compromise a user's system.
Full Advisory: http://secunia.com/advisories/19218/

--

[SA19246] Horde "url" Disclosure of Sensitive Information Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2006-03-15

Paul Craig has discovered a vulnerability in Horde, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/19246/

--

[SA19245] Drupal Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Security Bypass, Cross Site Scripting, Manipulation of data
Released: 2006-03-14

Some vulnerabilities have been reported in Drupal, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting and session fixation attacks, and
manipulate outgoing mails.
Full Advisory: http://secunia.com/advisories/19245/

--

[SA19224] @1 File Store Script Insertion and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-03-13

Aliaksandr Hartsuyeu has reported some vulnerabilities in @1 File
Store, which can be exploited by malicious people to conduct script
insertion and SQL injection attacks.
Full Advisory: http://secunia.com/advisories/19224/

--

[SA19222] GuppY "pg" Arbitrary File Overwrite Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-13

trueend5 has reported a vulnerability in GuppY, which can be exploited
by malicious people to manipulate certain information.
Full Advisory: http://secunia.com/advisories/19222/

--

[SA19219] Vegas Forum "postid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-14

Aliaksandr Hartsuyeu has reported a vulnerability in Vegas Forum, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/19219/

--

[SA19215] Jupiter Content Manager "image" BBcode Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-13

Nomenumbra/[0x4F4C] has discovered a vulnerability in Jupiter Content
Manager, which can be exploited by malicious people to conduct script
insertion attacks.
Full Advisory: http://secunia.com/advisories/19215/

--

[SA19214] Zeroboard Multiple Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-13

dong-houn yoU has reported some vulnerabilities in Zeroboard, which can
be exploited by malicious people to conduct script-insertion attacks.
Full Advisory: http://secunia.com/advisories/19214/

--

[SA19209] DSPoll "pollid" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-13

Aliaksandr Hartsuyeu has reported a vulnerability in DSPoll, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/19209/

--

[SA19208] ENet Library Two Denial of Service Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-03-13

Luigi Auriemma has reported two vulnerabilities in ENet Library, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory: http://secunia.com/advisories/19208/

--

[SA19207] DSNewsletter "email" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-13

Aliaksandr Hartsuyeu has reported a vulnerability in DSNewsletter,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory: http://secunia.com/advisories/19207/

--

[SA19206] DSCounter "X-Forwarded-For" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-13

Aliaksandr Hartsuyeu has reported a vulnerability in DSCounter, which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/19206/

--

[SA19202] DSDownload Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-13

Aliaksandr Hartsuyeu has discovered some vulnerabilities in DSDownload,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory: http://secunia.com/advisories/19202/

--

[SA19201] DSLogin Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-03-14

Aliaksandr Hartsuyeu has discovered multiple vulnerabilities in
DSLogin, which can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory: http://secunia.com/advisories/19201/

--

[SA19195] PHP SimpleNEWS "admin" Authentication Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Released: 2006-03-10

Aliaksandr Hartsuyeu has reported a vulnerability in PHP SimpleNEWS and
PHP SimpleNEWS MySQL, which can be exploited by malicious people to
bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/19195/

--

[SA19216] vCard Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-13

Linux_Drox has reported some vulnerabilities in vCard, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/19216/

--

[SA19212] GGZ Gaming Zone XML Handling Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-03-13

Luigi Auriemma has reported a vulnerability in GGZ Gaming Zone, which
can be exploited by malicious people to cause a DoS.
Full Advisory: http://secunia.com/advisories/19212/

--

[SA19204] WMNews Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-13

R00T3RR0R has reported some vulnerabilities in WMNews, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/19204/

--

[SA19188] UnrealIRCd Server Link TKL Command Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-03-10

A vulnerability has been reported in UnrealIRCd, which can be exploited
by malicious users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/19188/

--

[SA19186] DokuWiki Mediamanager EXIF Data Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-03-10

A vulnerability has been reported in DokuWiki, which potentially can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/19186/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link. Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45