[ISN] Secunia Weekly Summary - Issue: 2006-25

From: InfoSec News (isn@private)
Date: Fri Jun 23 2006 - 12:38:37 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-06-15 - 2006-06-22                        

                       This week: 69 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff spends hours every day to assure you of the best and
most reliable source for vulnerability information. Every single
vulnerability report is validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Two vulnerabilities have been discovered in Microsoft Windows and
Microsoft Excel, which can be exploited to compromise a vulnerable
system.

The first, SA20686, has, according to Microsoft, already been used in
targeted "zero-day" attacks against a few companies.

Currently, no patches are available from Microsoft. Please refer to
the referenced Secunia advisories below for additional details.

References:
http://secunia.com/SA20686
http://secunia.com/SA20748

 --

A vulnerability has been discovered in WinAmp, which potentially can
be exploited by malicious people to compromise a user's system.

An updated version has been released by the vendor that fixes this
vulnerability.

Reference:
http://secunia.com/SA20722

 --

VIRUS ALERTS:

During the past week Secunia collected 224 virus descriptions from the
antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA20686] Microsoft Excel Repair Mode Code Execution Vulnerability
2.  [SA20748] Microsoft Office Long Link Buffer Overflow Vulnerability
3.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
4.  [SA20595] Microsoft Internet Explorer Multiple Vulnerabilities
5.  [SA20576] Adobe Reader Unspecified Vulnerabilities
6.  [SA20699] Cisco Secure ACS for Unix Cross-Site Scripting
              Vulnerability
7.  [SA20722] WinAmp MIDI File Handling Buffer Overflow Vulnerability
8.  [SA15601] Mozilla / Mozilla Firefox Frame Injection Vulnerability
9.  [SA15779] Sendmail Multi-Part MIME Message Handling Denial of
              Service
10. [SA20661] Horde Cross-Site Scripting Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA20748] Microsoft Windows Hyperlink Object Library Buffer Overflow
[SA20722] WinAmp MIDI File Handling Buffer Overflow Vulnerability
[SA20721] ASP Stats Generator SQL Injection and Code Injection
[SA20719] Hitachi Products MDAC RDS.Dataspace ActiveX Vulnerability
[SA20756] MAILsweeper for SMTP/Exchange Multiple Vulnerabilities
[SA20752] Maximus SchoolMAX "error_msg" Parameter Cross-Site Scripting
[SA20743] Hosting Controller Privilege Escalation Vulnerability
[SA20698] SSPwiz Plus "message" Cross-Site Scripting Vulnerability

UNIX/Linux:
[SA20710] SUSE update for awstats
[SA20709] Gentoo update for mozilla-thunderbird
[SA20708] Gentoo update for typespeed
[SA20766] SUSE Updates for Multiple Packages
[SA20716] Ubuntu update for kernel
[SA20715] Trustix update for libtiff
[SA20712] Ubuntu update for mysql-dfsg
[SA20703] Linux Kernel "xt_sctp" Denial of Service Vulnerability
[SA20694] Mandriva update for sendmail
[SA20693] Mandriva update for libtiff
[SA20690] Gentoo update for pam_mysql
[SA20692] Mandriva update for spamassassin
[SA20750] Debian update for horde2
[SA20734] CHM Lib "extract_chmLib" Directory Traversal Vulnerability
[SA20699] Cisco Secure ACS for Unix Cross-Site Scripting Vulnerability
[SA20754] dhcdbd DHCP Message Handling Denial of Service
[SA20702] Mandriva update for kdebase
[SA20729] NetPBM pamtofits Off-By-One Buffer Overflow Vulnerability
[SA20711] HP-UX Support Tools Manager Denial of Service Vulnerability

Other:
[SA20726] FortiMail Sendmail Multi-Part MIME Message Handling
Vulnerability
[SA20720] FortiGate FTP Anti-Virus Scanning Bypass Vulnerability

Cross Platform:
[SA20771] Ralf Image Gallery File Inclusion Vulnerabilities
[SA20769] SmartSiteCMS "root" File Inclusion Vulnerability
[SA20768] BandSite CMS "root_path" File Inclusion Vulnerabilities
[SA20758] Micro CMS "microcms_path" Parameter File Inclusion
Vulnerability
[SA20744] Ad Manager Pro "ipath" Parameter File Inclusion
Vulnerability
[SA20733] easy-CMS Multiple File Extensions Vulnerability
[SA20731] Eduha Meeting PHP File Upload Vulnerability
[SA20713] CMS Faethon "mainpath" File Inclusion and Cross-Site
Scripting Vulnerabilities
[SA20695] Bitweaver Multiple Vulnerabilities and Weakness
[SA20772] Invision Power Board Hexadecimal HTML Entities Script
Insertion
[SA20763] IMGallery "galerie.php" SQL Injection Vulnerabilities
[SA20761] Ultimate Estate Cross-Site Scripting and SQL Injection
[SA20753] BtitTracker "torrents.php" SQL Injection Vulnerabilities
[SA20747] thinkWMS Multiple SQL Injection Vulnerabilities
[SA20746] Joomla! "Name" SQL Injection Vulnerability
[SA20745] Mambo "Name" SQL Injection Vulnerability
[SA20740] phpTRADER SQL Injection Vulnerabilities
[SA20739] xarancms "id" Parameter SQL Injection Vulnerability
[SA20738] tplShop "first_row" Parameter SQL Injection Vulnerability
[SA20732] IBM WebSphere Application Server Multiple Vulnerabilities
[SA20730] VUBB SQL Injection and Cross-Site Scripting Vulnerabilities
[SA20727] e107 Cross-Site Scripting and Script Insertion
[SA20724] singapore "template" Parameter Local File Inclusion
Vulnerability
[SA20706] Clubpage Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA20705] Free Realty "sort" SQL Injection Vulnerability
[SA20704] Open-Realty "sorttype" SQL Injection Vulnerability
[SA20701] VBZooM "QuranID" SQL Injection Vulnerability
[SA20700] Groupmax Address/Mail Server Denial of Service Vulnerability
[SA20696] Virtual War "war.php" SQL Injection Vulnerabilities
[SA20767] Atlassian JIRA Enterprise Edition Cross-Site Scripting
Vulnerability
[SA20764] myPHP Guestbook Cross-Site Scripting Vulnerabilities
[SA20742] UltimateGoogle "REQ" Cross-Site Scripting Vulnerability
[SA20737] Ultimate eShop "subid" Cross-Site Scripting Vulnerability
[SA20736] Tradingeye Shop "image" Cross-Site Scripting Vulnerability
[SA20735] Cisco CallManager Web Interface Cross-Site Scripting
Vulnerabilities
[SA20728] Confixx Pro Cross-Site Scripting Vulnerabilities
[SA20725] AssoCIateD "menu" Cross-Site Scripting Vulnerability
[SA20718] phpMyDirectory Cross-Site Scripting Vulnerabilities
[SA20697] iPostMX 2005 "RETURNURL" Cross-Site Scripting
Vulnerabilities
[SA20691] NC LinkList "index.php" Cross-Site Scripting Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA20748] Microsoft Windows Hyperlink Object Library Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-20

kcope has discovered a vulnerability in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20748/

 --

[SA20722] WinAmp MIDI File Handling Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-06-21

BassReFLeX has discovered a vulnerability in WinAmp, which potentially
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20722/

 --

[SA20721] ASP Stats Generator SQL Injection and Code Injection

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2006-06-19

Hamid Ebadi has reported two vulnerabilities in ASP Stats Generator,
which can be exploited by malicious people to conduct SQL injection
attacks and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20721/

 --

[SA20719] Hitachi Products MDAC RDS.Dataspace ActiveX Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-20

Hitachi has acknowledged a vulnerability in various products, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20719/

 --

[SA20756] MAILsweeper for SMTP/Exchange Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-06-21

Some vulnerabilities have been reported in MAILsweeper for
SMTP/Exchange, which can be exploited by malicious people to bypass
certain security restrictions and potentially cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20756/

 --

[SA20752] Maximus SchoolMAX "error_msg" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-20

Charles H. has reported a vulnerability in Maximus SchoolMAX, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/20752/

 --

[SA20743] Hosting Controller Privilege Escalation Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2006-06-20

A vulnerability has been reported in Hosting Controller, which can be
exploited by malicious users to perform certain actions with escalated
privileges.

Full Advisory:
http://secunia.com/advisories/20743/

 --

[SA20698] SSPwiz Plus "message" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-16

r0t has reported a vulnerability in SSPwiz Plus, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20698/


UNIX/Linux:--

[SA20710] SUSE update for awstats

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-06-20

SUSE has issued an update for awstats. This fixes a vulnerability and a
security issue, which can be exploited by malicious people to bypass
certain security restrictions or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20710/

 --

[SA20709] Gentoo update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2006-06-20

Gentoo has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20709/

 --

[SA20708] Gentoo update for typespeed

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-20

Gentoo has issued an update for typespeed. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/20708/

 --

[SA20766] SUSE Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-06-21

SUSE has issued updates for multiple packages. These fix some
vulnerabilities and a weakness, which can be exploited by malicious
people to bypass certain security restrictions, to cause a DoS (Denial
of Service) or potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20766/

 --

[SA20716] Ubuntu update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS
Released:    2006-06-19

Ubuntu has released an update for the kernel. This fixes some
vulnerabilities and weaknesses, which can be exploited by malicious,
local users to cause a DoS (Denial of Service), gain knowledge of
potentially sensitive information and bypass certain security
restrictions, and by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20716/

 --

[SA20715] Trustix update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-06-19

Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/20715/

 --

[SA20712] Ubuntu update for mysql-dfsg

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-19

Ubuntu has issued an update for mysql-dfsg. This fixes a vulnerability,
which potentially can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/20712/

 --

[SA20703] Linux Kernel "xt_sctp" Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-06-20

A vulnerability has been reported in Linux Kernel, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20703/

 --

[SA20694] Mandriva update for sendmail

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-06-16

Mandriva has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20694/

 --

[SA20693] Mandriva update for libtiff

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-06-16

Mandriva has issued an update for libtiff. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20693/

 --

[SA20690] Gentoo update for pam_mysql

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-06-16

Gentoo has issued an update for pam_mysql. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20690/

 --

[SA20692] Mandriva update for spamassassin

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-06-16

Mandriva has issued an update for spamassassin. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20692/

 --

[SA20750] Debian update for horde2

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-19

Debian has issued an update for horde2. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20750/

 --

[SA20734] CHM Lib "extract_chmLib" Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-06-19

A vulnerability has been reported in CHM Lib (chmlib), which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/20734/

 --

[SA20699] Cisco Secure ACS for Unix Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-16

A vulnerability has been reported in Cisco Secure ACS for Unix, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/20699/

 --

[SA20754] dhcdbd DHCP Message Handling Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-06-21

Florian Hackenberger has reported a vulnerability in dhcdbd, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20754/

 --

[SA20702] Mandriva update for kdebase

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-06-16

Mandriva has issued an update for kdebase. This fixes a vulnerability,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/20702/

 --

[SA20729] NetPBM pamtofits Off-By-One Buffer Overflow Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-06-20

A vulnerability has been reported in NetPBM, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20729/

 --

[SA20711] HP-UX Support Tools Manager Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-06-19

A vulnerability has been reported in HP-UX, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20711/


Other:--

[SA20726] FortiMail Sendmail Multi-Part MIME Message Handling
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-06-21

A vulnerability has been reported in FortiMail, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/20726/

 --

[SA20720] FortiGate FTP Anti-Virus Scanning Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-06-21

A vulnerability has been reported in FortiGate, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/20720/


Cross Platform:--

[SA20771] Ralf Image Gallery File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-21

David "Aesthetico" Vieira-Kurz has discovered a vulnerability in Ralf
Image Gallery (RIG), which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20771/

 --

[SA20769] SmartSiteCMS "root" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-21

Archit3ct and IR4DEX GROUP have discovered a vulnerability in
SmartSiteCMS, which can be exploited by malicious people to compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20769/

 --

[SA20768] BandSite CMS "root_path" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-21

Kw3[R]Ln has reported some vulnerabilities in BandSite CMS, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20768/

 --

[SA20758] Micro CMS "microcms_path" Parameter File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-20

CeNGiZ-HaN has discovered a vulnerability in Micro CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20758/

 --

[SA20744] Ad Manager Pro "ipath" Parameter File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-20

Basti has reported a vulnerability in Ad Manager Pro, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20744/

 --

[SA20733] easy-CMS Multiple File Extensions Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-19

Liz0ziM has discovered a vulnerability in easy-CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20733/

 --

[SA20731] Eduha Meeting PHP File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-06-19

Liz0ziM has reported a vulnerability in Eduha Meeting, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20731/

 --

[SA20713] CMS Faethon "mainpath" File Inclusion and Cross-Site
Scripting Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2006-06-19

Some vulnerabilities have been discovered in CMS Faethon, which can be
exploited by malicious people to conduct cross-site scripting attacks
or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20713/

 --

[SA20695] Bitweaver Multiple Vulnerabilities and Weakness

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
System access
Released:    2006-06-17

rgod has reported some vulnerabilities and a weakness in Bitweaver,
which can be exploited by malicious people to disclose certain system
information, conduct cross-site scripting attacks, and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/20695/

 --

[SA20772] Invision Power Board Hexadecimal HTML Entities Script
Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-21

A vulnerability has been reported in Invision Power Board, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20772/

 --

[SA20763] IMGallery "galerie.php" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-21

r0t has reported some vulnerabilities in IMGallery, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20763/

 --

[SA20761] Ultimate Estate Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-21

r0t has reported some vulnerabilities in Ultimate Estate, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20761/

 --

[SA20753] BtitTracker "torrents.php" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-20

r0t has reported two vulnerabilities in BtitTracker, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20753/

 --

[SA20747] thinkWMS Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-21

r0t has reported some vulnerabilities in thinkWMS, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20747/

 --

[SA20746] Joomla! "Name" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-19

rgod has discovered a vulnerability in Joomla!, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20746/

 --

[SA20745] Mambo "Name" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-19

rgod has discovered a vulnerability in Mambo, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20745/

 --

[SA20740] phpTRADER SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-21

r0t has reported some vulnerabilities in phpTRADER, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20740/

 --

[SA20739] xarancms "id" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-19

r0t has reported a vulnerability in xarancms, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20739/

 --

[SA20738] tplShop "first_row" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-19

r0t has discovered a vulnerability in tplShop, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20738/

 --

[SA20732] IBM WebSphere Application Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-21

Some vulnerabilities have been reported in IBM WebSphere Application
Server, which can be exploited by malicious, local users and malicious
people to gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/20732/

 --

[SA20730] VUBB SQL Injection and Cross-Site Scripting Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information
Released:    2006-06-20

DarkFig has discovered some vulnerabilities in VUBB, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/20730/

 --

[SA20727] e107 Cross-Site Scripting and Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-20

Ellipsis Security has discovered two vulnerabilities in e107, which can
be exploited by malicious people to conduct cross-site scripting and
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/20727/

 --

[SA20724] singapore "template" Parameter Local File Inclusion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-06-20

Moroccan Security Research Team has discovered a vulnerability in
singapore, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/20724/

 --

[SA20706] Clubpage Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-06-20

r0t has reported some vulnerabilities in Clubpage, which can be
exploited by malicious people to conduct cross-site scripting attacks
and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20706/

 --

[SA20705] Free Realty "sort" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-20

r0t has reported a vulnerability in Free Realty, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20705/

 --

[SA20704] Open-Realty "sorttype" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-20

r0t has discovered a vulnerability in Open-Realty, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20704/

 --

[SA20701] VBZooM "QuranID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-21

CrAzY CrAcKeR has reported a vulnerability in VBZooM, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20701/

 --

[SA20700] Groupmax Address/Mail Server Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-06-20

A vulnerability has been reported in Groupmax Address/Mail Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/20700/

 --

[SA20696] Virtual War "war.php" SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-06-16

r0t has discovered some vulnerabilities in Virtual War, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/20696/

 --

[SA20767] Atlassian JIRA Enterprise Edition Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information
Released:    2006-06-21

r0t has discovered a vulnerability in Atlassian JIRA Enterprise
Edition, which can be exploited by malicious people to disclose system
information and conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20767/

 --

[SA20764] myPHP Guestbook Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-21

Some vulnerabilities have been reported in myPHP Guestbook, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/20764/

 --

[SA20742] UltimateGoogle "REQ" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-21

r0t has reported a vulnerability in UltimateGoogle, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20742/

 --

[SA20737] Ultimate eShop "subid" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-21

r0t has reported a vulnerability in Ultimate eShop, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20737/

 --

[SA20736] Tradingeye Shop "image" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-19

r0t has reported a vulnerability in Tradingeye Shop, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20736/

 --

[SA20735] Cisco CallManager Web Interface Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-20

FishNet Security has reported some vulnerabilities in Cisco
CallManager, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20735/

 --

[SA20728] Confixx Pro Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-19

p0w3r has reported two vulnerabilities in Confixx Pro, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20728/

 --

[SA20725] AssoCIateD "menu" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-20

r0t has discovered a vulnerability in AssoCIateD, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20725/

 --

[SA20718] phpMyDirectory Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-20

r0t has reported two vulnerabilities in phpMyDirectory, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20718/

 --

[SA20697] iPostMX 2005 "RETURNURL" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-16

r0t has reported some vulnerabilities in iPostMX 2005, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20697/

 --

[SA20691] NC LinkList "index.php" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-06-20

r0t has reported some vulnerabilities in NC LinkList, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/20691/



========================================================================

Secunia recommends that you verify all advisories you receive
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third-party patches; use only
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Fri Jun 23 2006 - 12:51:46 PDT