========================================================================

                  The Secunia Weekly Advisory Summary
                        2006-04-06 - 2006-04-13

                       This week : 72 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you of the best
and most reliable source for vulnerability information.

Every single vulnerability report is validated and verified before a
Secunia advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways, e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Tuesday, Microsoft issued the long-awaited patch for the "Extremely
Critical" createTextRange() vulnerability in Internet Explorer, which
was originally discovered by Secunia Research and disclosed to
Microsoft on 13th February for a co-ordinated disclosure.

However, on 22nd March the vulnerability was publicly disclosed by an
independent third party, and exploit code was soon created and
published by different researchers.
Microsoft also issued patches for other critical vulnerabilities; for
more details, see the following Secunia Advisories:

http://secunia.com/SA19617
http://secunia.com/SA19623
http://secunia.com/SA18957
http://secunia.com/SA19583
http://secunia.com/SA19606

VIRUS ALERTS:

Secunia has not issued any virus alerts during the week.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA19521] Internet Explorer Window Loading Race Condition Address
              Bar Spoofing

2.  [SA18680] Microsoft Internet Explorer "createTextRange()" Code
              Execution

3.  [SA19534] ClamAV Multiple Vulnerabilities

4.  [SA19495] Linux Kernel SYSFS Local Denial of Service Vulnerability

5.  [SA19218] Flash Player Unspecified Code Execution Vulnerabilities

6.  [SA19118] AVG Anti-Virus Updated Files Insecure File Permissions

7.  [SA19553] Cisco Optical Networking System 15000 Series Multiple
              Vulnerabilities

8.  [SA19556] phpMyAdmin Cross-Site Scripting Vulnerabilities

9.  [SA19569] Hosting Controller "forum.mdb" Exposure of User
              Credentials

10. [SA19552] Cisco 11500 Content Services Switch HTTP Compression
              Denial of Service

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA19583] Microsoft Data Access Components RDS.Dataspace ActiveX
Vulnerability
[SA19617] Outlook Express Windows Address Book File Vulnerability
[SA19606] Microsoft Windows Explorer COM Object Handling Vulnerability
[SA19569] Hosting Controller "forum.mdb" Exposure of User Credentials
[SA19566] SAXoPRESS "url" Parameter Directory Traversal Vulnerability
[SA19623] Microsoft FrontPage Server Extensions Cross-Site Scripting

UNIX/Linux:
[SA19619] Debian update for horde3
[SA19608] SUSE update for clamav
[SA19571] SUSE Updates for Multiple Packages
[SA19570] Trustix updates for multiple packages
[SA19567] Gentoo update for clamav
[SA19564] Mandriva update for clamav
[SA19557] Ubuntu update for kaffeine
[SA19644] Ubuntu Updates for Multiple Packages
[SA19624] SGI ProPack XFree86 Multiple Vulnerabilities
[SA19607] SGI ProPack kernel Multiple Vulnerabilities
[SA19597] Mandriva update for sash
[SA19591] Debian update for moodle
[SA19590] Debian update for cacti
[SA19586] Matt Wright Guestbook Script Insertion Vulnerabilities
[SA19572] xzgv JPEG Image Parsing Heap Overflow Vulnerability
[SA19565] Mandriva update for mplayer
[SA19555] Debian update for libphp-adodb
[SA19589] Debian mnogosearch Insecure Password Storage Security Issue
[SA19614] VegaDNS "cid" Parameter SQL Injection Vulnerability
[SA19598] Mandriva update for openvpn
[SA19595] Shadowed Portal Pages Module Cross-Site Scripting
[SA19587] Cherokee Web Server Cross-Site Scripting Vulnerability
[SA19561] HP-UX update for wu-ftpd
[SA19558] Mailman Private Archive Script Cross-Site Scripting
[SA19638] Sun Solaris LDAP2 Client Commands Security Issue
[SA19560] HP-UX Unspecified "su" LDAP Netgroup Vulnerability
[SA19559] fbida fbgs Insecure Temporary File Creation Vulnerability
[SA19577] Debian update for libimager-perl
[SA19627] Sun Solaris "sh" Process Denial of Service Vulnerability
[SA19573] Linux Kernel "__keyring_search_one()" Denial of Service

Other:

Cross Platform:
[SA19630] AzDGVote "int_path" File Inclusion Vulnerabilities
[SA19628] Simplog Multiple Vulnerabilities and Security Issues
[SA19625] phpListPro "returnpath" File Inclusion Vulnerability
[SA19588] Autonomous LAN Party File Inclusion Vulnerability
[SA19576] Dokeos File Inclusion Vulnerabilities
[SA19634] MvBlog Script Insertion and SQL Injection Vulnerabilities
[SA19618] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service
[SA19613] JBook Multiple Vulnerabilities
[SA19611] Confixx Pro Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA19609] Clansys "showid" SQL Injection Vulnerability
[SA19604] Dokeos "topic" Parameter SQL Injection Vulnerability
[SA19602] XBrite Members "id" SQL Injection Vulnerability
[SA19601] dnGuestbook admin.php SQL Injection Vulnerability
[SA19600] PHPOpenChat ADOdb Insecure Test Scripts Security Issues
[SA19593] Shopweezle Multiple SQL Injection Vulnerabilities
[SA19592] apt-webshop-system Multiple Vulnerabilities
[SA19584] Chipmunk Guestbook "username" SQL Injection Vulnerability
[SA19580] Gallery Unspecified Script Insertion Vulnerabilities
[SA19578] MAXdev MD-Pro "topicid" SQL Injection Vulnerability
[SA19568] MWNewsletter Multiple Vulnerabilities
[SA19563] MAXdev MD-Pro ADOdb "server.php" Insecure Test Script
Security Issue
[SA19554] Andy's PHP Knowledgebase Cross-Site Scripting and Script
Insertion
[SA19636] Manila Multiple Cross-Site Scripting Vulnerabilities
[SA19635] Tritanium Bulletin Board register.php Cross-Site Scripting
[SA19629] Autogallery Cross-Site Scripting Vulnerability
[SA19622] interaktiv.shop Cross-Site Scripting Vulnerability
[SA19610] PHPWebGallery Multiple Cross-Site Scripting Vulnerabilities
[SA19603] JetPhoto Server "name" and "page" Cross-Site Scripting
[SA19594] Web+Shop "deptname" Parameter Cross-Site Scripting
[SA19582] Jupiter Content Manager "layout" Cross-Site Scripting
[SA19579] Clever Copy connect.inc Information Disclosure Security Issue
[SA19562] vBulletin vBug Tracker Module "sortorder" Cross-Site
Scripting
[SA19556] phpMyAdmin Cross-Site Scripting Vulnerabilities
[SA19574] Oracle Database Access Restrictions Bypass Vulnerability
[SA19599] PHP "phpinfo()" Cross-Site Scripting and Security Bypass
[SA19575] Imager JPEG/TGA Image Processing Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:
--

[SA19583] Microsoft Data Access Components RDS.Dataspace ActiveX
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-11

A vulnerability has been reported in Microsoft Data Access Components
(MDAC), which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/19583/

--

[SA19617] Outlook Express Windows Address Book File Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-04-11

A vulnerability has been reported in Microsoft Outlook Express, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19617/

--

[SA19606] Microsoft Windows Explorer COM Object Handling Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-04-11

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19606/

--

[SA19569] Hosting Controller "forum.mdb" Exposure of User Credentials

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-04-07

Syst3m_f4ult has reported a security issue in Hosting Controller, which
can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/19569/

--

[SA19566] SAXoPRESS "url" Parameter Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-04-12

Data Security has reported a vulnerability in SAXoPRESS, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/19566/

--

[SA19623] Microsoft FrontPage Server Extensions Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-11

A vulnerability has been reported in Microsoft FrontPage Server
Extensions, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19623/

UNIX/Linux:
--

[SA19619] Debian update for horde3

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information,
             System access
Released:    2006-04-13

Debian has issued an update for horde3. This fixes some
vulnerabilities, which can be exploited by malicious users to conduct
script insertion attacks, and by malicious people to disclose sensitive
information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19619/

--

[SA19608] SUSE update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-11

SUSE has issued an update for clamav. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19608/

--

[SA19571] SUSE Updates for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2006-04-10

SUSE has issued updates for multiple packages.
These fix some vulnerabilities, which can be exploited by malicious
people to cause a DoS (Denial of Service) or to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/19571/

--

[SA19570] Trustix updates for multiple packages

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2006-04-10

Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of potentially sensitive information, potentially cause a DoS
(Denial of Service), and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19570/

--

[SA19567] Gentoo update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-10

Gentoo has issued an update for clamav. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19567/

--

[SA19564] Mandriva update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-10

Mandriva has issued an update for clamav. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19564/

--

[SA19557] Ubuntu update for kaffeine

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-07

Ubuntu has issued an update for kaffeine. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/19557/

--

[SA19644] Ubuntu Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-04-13

Full Advisory:
http://secunia.com/advisories/19644/

--

[SA19624] SGI ProPack XFree86 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2006-04-12

SGI has acknowledged some vulnerabilities in SGI ProPack, which
potentially can be exploited by malicious, local users to gain
escalated privileges and potentially by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/19624/

--

[SA19607] SGI ProPack kernel Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information,
             Privilege escalation, DoS
Released:    2006-04-11

SGI has acknowledged some vulnerabilities in SGI ProPack, which can be
exploited by malicious, local users to cause a DoS (Denial of Service),
gain knowledge of potentially sensitive information, and gain escalated
privileges, and by malicious people to cause a DoS or bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/19607/

--

[SA19597] Mandriva update for sash

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-11

Mandriva has issued an update for sash. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
a DoS (Denial of Service) against a vulnerable application or
potentially execute arbitrary code.

Full Advisory:
http://secunia.com/advisories/19597/

--

[SA19591] Debian update for moodle

Critical:    Moderately critical
Where:       From remote
Impact:      System access, Exposure of system information,
             Manipulation of data, Cross Site Scripting, Security Bypass
Released:    2006-04-10

Debian has issued an update for moodle.
This fixes two security issues and some vulnerabilities, which can be
exploited by malicious people to disclose system information, conduct
cross-site scripting attacks, execute arbitrary SQL code, and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19591/

--

[SA19590] Debian update for cacti

Critical:    Moderately critical
Where:       From remote
Impact:      System access, Exposure of system information,
             Manipulation of data, Cross Site Scripting, Security Bypass
Released:    2006-04-10

Debian has issued an update for cacti. This fixes two security issues
and some vulnerabilities, which can be exploited by malicious people to
disclose system information, conduct cross-site scripting attacks,
execute arbitrary SQL code, and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/19590/

--

[SA19586] Matt Wright Guestbook Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-10

Some vulnerabilities have been discovered in Matt Wright Guestbook,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/19586/

--

[SA19572] xzgv JPEG Image Parsing Heap Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-04-10

A vulnerability has been reported in xzgv, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/19572/

--

[SA19565] Mandriva update for mplayer

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-04-10

Mandriva has issued an update for mplayer. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/19565/

--

[SA19555] Debian update for libphp-adodb

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
             data, Exposure of system information, System access
Released:    2006-04-10

Debian has issued an update for libphp-adodb. This fixes two security
issues and some vulnerabilities, which can be exploited by malicious
people to disclose system information, conduct cross-site scripting
attacks, execute arbitrary SQL code, and potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/19555/

--

[SA19589] Debian mnogosearch Insecure Password Storage Security Issue

Critical:    Moderately critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-04-11

Andrew Pam has discovered a security issue in Debian mnogosearch, which
can be exploited by malicious, local users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/19589/

--

[SA19614] VegaDNS "cid" Parameter SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-11

Ph03n1X has discovered a vulnerability in VegaDNS, which can be
exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19614/

--

[SA19598] Mandriva update for openvpn

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-04-11

Mandriva has issued an update for openvpn. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/19598/

--

[SA19595] Shadowed Portal Pages Module Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-10

Liz0ziM has reported a vulnerability in Shadowed Portal, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19595/

--

[SA19587] Cherokee Web Server Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-10

Ruben Garrote Garcia has reported a vulnerability in Cherokee, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/19587/

--

[SA19561] HP-UX update for wu-ftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-04-07

HP has issued an update for wu-ftpd. This fixes a vulnerability, which
can be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19561/

--

[SA19558] Mailman Private Archive Script Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-07

A vulnerability has been reported in Mailman, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19558/

--

[SA19638] Sun Solaris LDAP2 Client Commands Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-04-12

A security issue has been reported in Sun Solaris, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/19638/

--

[SA19560] HP-UX Unspecified "su" LDAP Netgroup Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-04-07

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/19560/

--

[SA19559] fbida fbgs Insecure Temporary File Creation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-04-10

Jan Braun has reported a vulnerability in fbida, which can be exploited
by malicious, local users to perform certain actions on a vulnerable
system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/19559/

--

[SA19577] Debian update for libimager-perl

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-04-10

Debian has issued an update for libimager-perl. This fixes a
vulnerability, which can be exploited by malicious people to crash
certain applications on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19577/

--

[SA19627] Sun Solaris "sh" Process Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-04-12

A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19627/

--

[SA19573] Linux Kernel "__keyring_search_one()" Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-04-11

A vulnerability has been reported in Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/19573/

Other:

Cross Platform:
--

[SA19630] AzDGVote "int_path" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-12

SnIpEr_SA has discovered a vulnerability in AzDGVote, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19630/

--

[SA19628] Simplog Multiple Vulnerabilities and Security Issues

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
             data, Exposure of system information, System access
Released:    2006-04-12

Some vulnerabilities and security issues have been discovered in
Simplog, which can be exploited by malicious people to disclose system
information, conduct cross-site scripting and SQL injection attacks,
execute arbitrary SQL code, and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19628/

--

[SA19625] phpListPro "returnpath" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-12

Aesthetico has discovered a vulnerability in phpListPro, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19625/

--

[SA19588] Autonomous LAN Party File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-10

Codexploder'tq has discovered a vulnerability in Autonomous LAN Party,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/19588/

--

[SA19576] Dokeos File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-04-11

Two vulnerabilities have been discovered in Dokeos, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19576/

--

[SA19634] MvBlog Script Insertion and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-12

Some vulnerabilities have been reported in MvBlog, which can be
exploited by malicious people to conduct script insertion and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/19634/

--

[SA19618] Cyrus SASL DIGEST-MD5 Pre-Authentication Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-04-11

Mu Security has reported a vulnerability in Cyrus SASL library, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/19618/

--

[SA19613] JBook Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-11

Some vulnerabilities have been discovered in JBook, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/19613/

--

[SA19611] Confixx Pro Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-12

Snake_23 has reported two vulnerabilities in Confixx Pro, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/19611/

--

[SA19609] Clansys "showid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-11

snatcher has discovered a vulnerability in Clansys, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19609/

--

[SA19604] Dokeos "topic" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-11

Alvaro Olavarria has discovered a vulnerability in Dokeos, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/19604/

--

[SA19602] XBrite Members "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-10

snatcher has discovered a vulnerability in XBrite Members, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19602/

--

[SA19601] dnGuestbook admin.php SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-11

snatcher has discovered a vulnerability in dnGuestbook, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19601/

--

[SA19600] PHPOpenChat ADOdb Insecure Test Scripts Security Issues

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, System
             access
Released:    2006-04-11

Two security issues have been discovered in PHPOpenChat, which can be
exploited by malicious people to disclose system information, execute
arbitrary SQL code, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/19600/

--

[SA19593] Shopweezle Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-10

r0t has reported multiple vulnerabilities in Shopweezle, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19593/

--

[SA19592] apt-webshop-system Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-10

r0t has reported some vulnerabilities in apt-webshop, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/19592/

--

[SA19584] Chipmunk Guestbook "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-04-12

Dr.Jr7 has reported a vulnerability in Chipmunk Guestbook, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19584/

--

[SA19580] Gallery Unspecified Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-10

Some vulnerabilities have been reported in Gallery, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19580/

--

[SA19578] MAXdev MD-Pro "topicid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information
Released:    2006-04-10

king_purba has discovered a vulnerability in MAXdev MD-Pro, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19578/

--

[SA19568] MWNewsletter Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-04-07

Some vulnerabilities have been discovered in MWNewsletter, which can be
exploited by malicious people to conduct script insertion attacks and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/19568/

--

[SA19563] MAXdev MD-Pro ADOdb "server.php" Insecure Test Script
Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-04-11

A security issue has been reported in MAXdev MD-Pro, which can be
exploited by malicious people to execute arbitrary SQL code and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19563/

--

[SA19554] Andy's PHP Knowledgebase Cross-Site Scripting and Script
Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-06

Brian has discovered some vulnerabilities in Andy's PHP Knowledgebase,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/19554/

--

[SA19636] Manila Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-12

d4igoro has discovered some vulnerabilities in Manila, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19636/

--

[SA19635] Tritanium Bulletin Board register.php Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-12

Some vulnerabilities have been discovered in Tritanium Bulletin Board,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/19635/

--

[SA19629] Autogallery Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-12

0o_zeus_o0 has discovered a vulnerability in Autogallery, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19629/

--

[SA19622] interaktiv.shop Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-12

r0t has reported a vulnerability in interaktiv.shop, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/19622/

--

[SA19610] PHPWebGallery Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-11

Psych0 has discovered multiple vulnerabilities in PHPWebGallery, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/19610/

--

[SA19603] JetPhoto Server "name" and "page" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-11

0o_zeus_o0 has reported some vulnerabilities in JetPhoto Server, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/19603/

--

[SA19594] Web+Shop "deptname" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-11

r0t has reported a vulnerability in Web+Shop, which can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19594/

--

[SA19582] Jupiter Content Manager "layout" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2006-04-11

KaDaL-X has discovered a vulnerability in Jupiter Content Manager,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/19582/

--

[SA19579] Clever Copy connect.inc Information Disclosure Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-04-11

M.Hasran Addahroni has discovered a security issue in Clever Copy,
which can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/19579/

--

[SA19562] vBulletin vBug Tracker Module "sortorder" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-07

r0t has reported a vulnerability in the vBug Tracker module for
vBulletin, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19562/

--

[SA19556] phpMyAdmin Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-04-07

Some vulnerabilities have been reported in phpMyAdmin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/19556/

--

[SA19574] Oracle Database Access Restrictions Bypass Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-04-11

A vulnerability has been reported in Oracle Database, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/19574/

--

[SA19599] PHP "phpinfo()" Cross-Site Scripting and Security Bypass

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-04-10

Maksymilian Arciemowicz has reported some vulnerabilities in PHP, which
can be exploited by malicious, local users to bypass certain security
restrictions and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/19599/

--

[SA19575] Imager JPEG/TGA Image Processing Denial of Service

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-04-10

Ole Kasper Olsen and Kjetil Kjernsmo have reported a vulnerability in
Imager, which can be exploited by malicious people to crash certain
applications on a vulnerable system.
Full Advisory:
http://secunia.com/advisories/19575/

========================================================================

Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; use
only those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

_________________________________
LayerOne 2006 : Pasadena Hilton : Pasadena, CA
Information Security and Technology Conference
http://layerone.info
This archive was generated by hypermail 2.1.3 : Fri Apr 14 2006 - 00:00:02 PDT