[ISN] Secunia Weekly Summary - Issue: 2006-30

From: InfoSec News (alerts@private)
Date: Thu Jul 27 2006 - 22:30:26 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-07-20 - 2006-07-27                        

                       This week: 66 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia staff is spending hours every day to assure you the best
and most reliable source for vulnerability information. Every single 
vulnerability report is being validated and verified before a Secunia
advisory is written.

Secunia validates and verifies vulnerability reports in many different
ways e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.

As a result, Secunia's database is the most correct and complete source
for recent vulnerability information available on the Internet.

Secunia Online Vulnerability Database:
http://secunia.com/

========================================================================
2) This Week in Brief:

Thiago Zaninotti has discovered a vulnerability in Apache HTTP Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Secunia has constructed a test, which is available at:
http://secunia.com/expect_header_cross-site_scripting_vulnerability_test/

Reference:
http://secunia.com/SA21172
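
The issue behind SA21172 (and the IBM HTTP Server variant in SA21174, since
that product is Apache-based) is that a request whose "Expect" header names
an expectation other than "100-continue" is refused with a 417 "Expectation
Failed" error page, and that page echoed the header value back without HTML
encoding. The following Python script is an added worked check, not part of
the Secunia summary and not Secunia's hosted test: it builds the raw probe
request, classifies a 417 reply as vulnerable (marker echoed with its tags
intact), escaped (marker echoed only HTML-encoded) or clean, and exercises
the logic offline against two constructed responses. The marker, the
function names and both sample pages are assumptions made for this example;
the sample pages are modeled on Apache's stock 417 error text and were not
captured from any real server.

```python
import html
import socket
from typing import Tuple

# Constructed marker (an assumption for this example). Anything other than
# "100-continue" is an expectation Apache cannot meet, so the server answers
# 417 and, on an unpatched build, echoes this value into the error page.
MARKER = "probe-<script>alert(1)</script>"


def build_probe(host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 request carrying the marker in the Expect header."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Expect: {MARKER}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")


def parse_response(raw: bytes) -> Tuple[int, str]:
    """Split a raw HTTP response into (status code, decoded body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return int(status_line.split()[1]), body.decode("latin-1")


def classify(status: int, body: str) -> str:
    """
    'vulnerable': 417 page echoes the marker verbatim (tags intact).
    'escaped':    417 page echoes it HTML-encoded only (fixed server).
    'clean':      417 page does not echo the header at all.
    'no-417':     server did not reject the expectation.
    """
    if status != 417:
        return "no-417"
    if MARKER in body:
        return "vulnerable"
    if html.escape(MARKER, quote=False) in body:
        return "escaped"
    return "clean"


def probe_server(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send the probe to a live server and classify its reply (needs network)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify(*parse_response(b"".join(chunks)))


def _sample_417(echoed: str) -> bytes:
    """Constructed 417 page modeled on Apache's stock error text (assumption)."""
    body = (
        "<html><head><title>417 Expectation Failed</title></head><body>"
        "<h1>Expectation Failed</h1>"
        "<p>The expectation given in the Expect request-header field "
        "could not be met by this server.</p>"
        "<p>The client sent<pre>\n    Expect: " + echoed + "\n</pre>\n"
        "but we only allow the 100-continue expectation.</p></body></html>"
    )
    return (
        "HTTP/1.1 417 Expectation Failed\r\n"
        "Content-Type: text/html; charset=iso-8859-1\r\n"
        f"Content-Length: {len(body)}\r\n\r\n" + body
    ).encode("latin-1")


# Constructed sample responses, not captured from any real host.
VULNERABLE_RESPONSE = _sample_417(MARKER)                        # unescaped echo
FIXED_RESPONSE = _sample_417(html.escape(MARKER, quote=False))   # encoded echo


if __name__ == "__main__":
    for name, raw in (("vulnerable", VULNERABLE_RESPONSE), ("fixed", FIXED_RESPONSE)):
        print(name, "->", classify(*parse_response(raw)))
```

Run probe_server("host.example") against your own server to test it live.
The script only shows whether the header is reflected unescaped; turning
that into a cross-site scripting attack on a victim needs a client that lets
attacker-controlled content set the Expect request header, which ordinary
page script cannot do, so the published attack path relied on a browser
plugin able to set arbitrary request headers. That is why the issue is rated
"Less critical" in section 5 despite being reachable from remote.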

 --

VIRUS ALERTS:

During the past week Secunia collected 161 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA21172] Apache "Expect" Header Cross-Site Scripting
              Vulnerability
2.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
3.  [SA20748] Microsoft Windows Hyperlink Object Library Buffer
              Overflow
4.  [SA21132] Sun Solaris Event Port API Denial of Service
              Vulnerability
5.  [SA21136] Red Hat update for kernel
6.  [SA21134] Red Hat update for seamonkey
7.  [SA21147] Ubuntu update for mysql-dfsg-4.1
8.  [SA21141] phpFaber TopSites Cross-Site Scripting and SQL Injection
9.  [SA21128] PhpHostBot "page" File Inclusion Vulnerability
10. [SA21145] Top XL add.php Cross-Site Scripting Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA21194] Tumbleweed Email Firewall LHA File Parsing Vulnerabilities
[SA21180] DynaZip dzip32.dll/dzips32.dll Buffer Overflow
Vulnerabilities
[SA21177] TurboZIP dzip32.dll Buffer Overflow Vulnerability
[SA21211] eIQnetworks Enterprise Security Analyzer Multiple
Vulnerabilities
[SA21175] AGEphone sipd.dll SIP Datagram Handling Buffer Overflow
[SA21199] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability
[SA21161] Novell Client Firewall Privilege Escalation Vulnerability

UNIX/Linux:
[SA21210] Ubuntu update for mozilla-thunderbird
[SA21204] Gentoo update for wireshark
[SA21188] Ubuntu update for firefox
[SA21183] Debian update for mozilla
[SA21178] Ubuntu update for mozilla
[SA21176] Debian update for mozilla-firefox
[SA21139] Gentoo update for xine-lib
[SA21202] Red Hat update for php
[SA21198] rPath update for gimp
[SA21191] Debian update for fbi
[SA21184] Debian update for libdumb
[SA21182] Debian update for gimp
[SA21171] Freeciv Denial of Service Vulnerabilities
[SA21170] Gentoo update for gimp
[SA21169] fbida fbgs Arbitrary Postscript Code Execution Vulnerability
[SA21164] Debian update for postgrey
[SA21160] rPath update for sendmail
[SA21159] SUSE Updates for Multiple Packages
[SA21152] Debian update for libnet-server-perl
[SA21146] Debian update for hashcash
[SA21144] Mandriva update for freetype2
[SA21143] Trustix updates for gnupg/samba
[SA21137] Debian update for gnupg2
[SA21186] Debian update for libgd2
[SA21150] Debian update for hiki
[SA21190] Gentoo update for samba
[SA21147] Ubuntu update for mysql-dfsg-4.1
[SA21163] Sun Solaris IP Implementation Routing Table Bypass
[SA21148] Sun Solaris sysinfo() Kernel Memory Disclosure
[SA21203] Red Hat update for kdebase
[SA21140] Avaya PDS Kernel Denial of Service Vulnerability

Other:
[SA21154] TippingPoint Layer 2 Mode Security Bypass Vulnerability
[SA21195] Siemens SpeedStream 2624 Denial of Service Vulnerability

Cross Platform:
[SA21168] Mambo MultiBanners Component File Inclusion Vulnerability
[SA21166] Mambo MoSpray Component "basedir" File Inclusion
Vulnerability
[SA21165] HP Oracle for OpenView Multiple Vulnerabilities
[SA21158] PHP Live! "css_path" File Inclusion Vulnerability
[SA21138] SiteDepth CMS "SD_DIR" File Inclusion Vulnerability
[SA21212] LinksCaffe Cross-Site Scripting and SQL Injection
[SA21207] SD Studio CMS SQL Injection Vulnerabilities
[SA21206] Professional Home Page Tools Login Script Script Insertion
[SA21205] TP-Book Script Insertion Vulnerability
[SA21196] libmikmod XCOM Chunk Handling Buffer Overflow Vulnerability
[SA21181] MyBB "avatarurl" Script Insertion Vulnerability
[SA21173] Fire-Mouse Toplist "Seitenname" Script Insertion
Vulnerability
[SA21167] Etomite "username" SQL Injection Vulnerability
[SA21157] Loudblog "id" SQL Injection Vulnerability
[SA21156] Unidomedia Chameleon "rmid" Local File Inclusion
Vulnerability
[SA21155] Micro Guestbook Script Insertion Vulnerability
[SA21149] Net::Server Log Format String Vulnerability
[SA21141] phpFaber TopSites Cross-Site Scripting and SQL Injection
[SA21189] sNews "search_query" Cross-Site Scripting Vulnerability
[SA21187] Red Hat update for samba
[SA21174] IBM HTTP Server "Expect" Header Cross-Site Scripting
[SA21172] Apache "Expect" Header Cross-Site Scripting Vulnerability
[SA21151] IP Calculator Cross-Site Scripting Vulnerability
[SA21145] Top XL add.php Cross-Site Scripting Vulnerability
[SA21136] Red Hat update for kernel
[SA21153] CASA Unspecified Security Issues

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA21194] Tumbleweed Email Firewall LHA File Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-25

Ryan Smith has reported three vulnerabilities in Tumbleweed Email
Firewall, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21194/

 --

[SA21180] DynaZip dzip32.dll/dzips32.dll Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-25

Tan Chew Keong has reported some vulnerabilities in DynaZip, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21180/

 --

[SA21177] TurboZIP dzip32.dll Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-25

Tan Chew Keong has reported a vulnerability in TurboZIP, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21177/

 --

[SA21211] eIQnetworks Enterprise Security Analyzer Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-07-26

Multiple vulnerabilities have been reported in eIQnetworks Enterprise
Security Analyzer, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21211/

 --

[SA21175] AGEphone sipd.dll SIP Datagram Handling Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-07-25

Tan Chew Keong has reported a vulnerability in AGEphone, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21175/

 --

[SA21199] PowerArchiver DZIPS32.DLL Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-07-25

Tan Chew Keong has reported a vulnerability in PowerArchiver, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21199/

 --

[SA21161] Novell Client Firewall Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-07-24

A vulnerability has been discovered in Novell Client Firewall, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/21161/


UNIX/Linux:--

[SA21210] Ubuntu update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2006-07-26

Ubuntu has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21210/

 --

[SA21204] Gentoo update for wireshark

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-25

Gentoo has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21204/

 --

[SA21188] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information,
System access
Released:    2006-07-25

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, disclose sensitive information, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21188/

 --

[SA21183] Debian update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2006-07-24

Debian has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21183/

 --

[SA21178] Ubuntu update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2006-07-26

Ubuntu has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, disclose sensitive information, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21178/

 --

[SA21176] Debian update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, System access
Released:    2006-07-24

Debian has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21176/

 --

[SA21139] Gentoo update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-21

Gentoo has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21139/

 --

[SA21202] Red Hat update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, DoS
Released:    2006-07-26

Red Hat has issued an update for php. This fixes some vulnerabilities,
where one has an unknown impact and others can be exploited to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21202/

 --

[SA21198] rPath update for gimp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-25

rPath has issued an update for gimp. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21198/

 --

[SA21191] Debian update for fbi

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-26

Debian has issued an update for fbi. This fixes a vulnerability, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21191/

 --

[SA21184] Debian update for libdumb

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-25

Debian has issued an update for libdumb. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/21184/

 --

[SA21182] Debian update for gimp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-25

Debian has issued an update for gimp. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21182/

 --

[SA21171] Freeciv Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-24

Luigi Auriemma has reported a vulnerability in Freeciv, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21171/

 --

[SA21170] Gentoo update for gimp

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-24

Gentoo has issued an update for gimp. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21170/

 --

[SA21169] fbida fbgs Arbitrary Postscript Code Execution Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-07-26

Toth Andras has reported a vulnerability in fbida, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21169/

 --

[SA21164] Debian update for postgrey

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-24

Debian has issued an update for postgrey. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21164/

 --

[SA21160] rPath update for sendmail

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-24

rPath has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21160/

 --

[SA21159] SUSE Updates for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Exposure of system information,
Exposure of sensitive information, DoS
Released:    2006-07-25

SUSE has issued updates for multiple packages. These fix some
vulnerabilities where some have an unknown impact, and others can be
exploited by malicious people to bypass certain security restrictions,
disclose various information, or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21159/

 --

[SA21152] Debian update for libnet-server-perl

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-25

Debian has issued an update for libnet-server-perl. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21152/

 --

[SA21146] Debian update for hashcash

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-21

Debian has issued an update for hashcash. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21146/

 --

[SA21144] Mandriva update for freetype2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-21

Mandriva has issued an update for freetype2. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise applications using
the library.

Full Advisory:
http://secunia.com/advisories/21144/

 --

[SA21143] Trustix updates for gnupg/samba

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-21

Trustix has issued updates for gnupg and samba. These fix some
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21143/

 --

[SA21137] Debian update for gnupg2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-21

Debian has issued an update for gnupg2. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/21137/

 --

[SA21186] Debian update for libgd2

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-07-25

Debian has issued an update for libgd2. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) against applications and services using libgd2.

Full Advisory:
http://secunia.com/advisories/21186/

 --

[SA21150] Debian update for hiki

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-07-24

Debian has issued an update for hiki. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21150/

 --

[SA21190] Gentoo update for samba

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-26

Gentoo has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21190/

 --

[SA21147] Ubuntu update for mysql-dfsg-4.1

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-21

Ubuntu has issued an update for mysql-dfsg-4.1. This fixes a
vulnerability, which can be exploited by malicious users to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/21147/

 --

[SA21163] Sun Solaris IP Implementation Routing Table Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-07-24

A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to bypass certain restrictions.

Full Advisory:
http://secunia.com/advisories/21163/

 --

[SA21148] Sun Solaris sysinfo() Kernel Memory Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-07-24

A vulnerability has been reported in Solaris, which can be exploited by
malicious, local users to gain knowledge of potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/21148/

 --

[SA21203] Red Hat update for kdebase

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-07-26

Red Hat has issued an update for kdebase. This fixes a security issue,
which may allow malicious people with physical access to a system to
gain access to a user's desktop session.

Full Advisory:
http://secunia.com/advisories/21203/

 --

[SA21140] Avaya PDS Kernel Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-07-21

Avaya has acknowledged a vulnerability in Avaya Predictive Dialing
System (PDS), which can be exploited by malicious, local users to cause
a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21140/


Other:--

[SA21154] TippingPoint Layer 2 Mode Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-07-26

Andres Riancho has reported a vulnerability in TippingPoint products,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21154/

 --

[SA21195] Siemens SpeedStream 2624 Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-07-25

Jaime Blasco has reported a vulnerability in Siemens Speedstream 2624,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21195/


Cross Platform:--

[SA21168] Mambo MultiBanners Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-24

Blue|Spy has reported a vulnerability in the MultiBanners component for
Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21168/

 --

[SA21166] Mambo MoSpray Component "basedir" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-24

Kurdish Security has reported a vulnerability in the MoSpray component
of Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21166/

 --

[SA21165] HP Oracle for OpenView Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Manipulation of data, System access
Released:    2006-07-24

HP has acknowledged some vulnerabilities in HP OfO (Oracle for
Openview), where some have unknown impacts and others can be exploited
by malicious people to conduct SQL injection attacks or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21165/

 --

[SA21158] PHP Live! "css_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-24

magnific has reported a vulnerability in PHP Live!, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21158/

 --

[SA21138] SiteDepth CMS "SD_DIR" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-07-21

Aesthetico has reported a vulnerability in SiteDepth CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21138/

 --

[SA21212] LinksCaffe Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-07-26

simo64 has discovered some vulnerabilities in LinksCaffe, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/21212/

 --

[SA21207] SD Studio CMS SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-07-26

Ivan Markovic reported some vulnerabilities in SD Studio CMS, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21207/

 --

[SA21206] Professional Home Page Tools Login Script Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-26

Tamriel has discovered a vulnerability in Professional Home Page Tools
Login Script, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21206/

 --

[SA21205] TP-Book Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-26

Tamriel has reported a vulnerability in TP-Book, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21205/

 --

[SA21196] libmikmod XCOM Chunk Handling Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-07-25

Luigi Auriemma has reported a vulnerability in libmikmod, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21196/

 --

[SA21181] MyBB "avatarurl" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-24

Aliaksandr Hartsuyeu has discovered a vulnerability in MyBB, which can
be exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21181/

 --

[SA21173] Fire-Mouse Toplist "Seitenname" Script Insertion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-25

David Vieira-Kurz has discovered a vulnerability in Fire-Mouse Toplist,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/21173/

 --

[SA21167] Etomite "username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-07-25

rgod has discovered a vulnerability in Etomite, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21167/

 --

[SA21157] Loudblog "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-07-24

rgod has discovered a vulnerability in Loudblog, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21157/

 --

[SA21156] Unidomedia Chameleon "rmid" Local File Inclusion
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-07-24

kicktd has reported a vulnerability in Unidomedia Chameleon, which can
be exploited by malicious people to disclose certain sensitive
information.

Full Advisory:
http://secunia.com/advisories/21156/

 --

[SA21155] Micro Guestbook Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-24

omnipresent has discovered a vulnerability in Micro Guestbook, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/21155/

 --

[SA21149] Net::Server Log Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-07-25

A vulnerability in Net::Server has been reported, which could be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21149/

 --

[SA21141] phpFaber TopSites Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-07-21

David "Aesthetico" Vieira-Kurz has discovered a vulnerability in
phpFaber TopSites, which can be exploited by malicious people to
conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21141/

 --

[SA21189] sNews "search_query" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-25

Ivan Markovic has reported a vulnerability in sNews, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21189/

 --

[SA21187] Red Hat update for samba

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-07-25

Red Hat has issued an update for samba. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21187/

 --

[SA21174] IBM HTTP Server "Expect" Header Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-25

IBM has acknowledged a vulnerability in IBM HTTP Server, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21174/

 --

[SA21172] Apache "Expect" Header Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-25

Thiago Zaninotti has discovered a vulnerability in Apache HTTP Server,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/21172/

 --

[SA21151] IP Calculator Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-24

Tim Brown has discovered a vulnerability in IP Calculator, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21151/

 --

[SA21145] Top XL add.php Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-07-21

David "Aesthetico" Vieira-Kurz has discovered a vulnerability in Top
XL, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/21145/

 --

[SA21136] Red Hat update for kernel

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Exposure
of sensitive information, DoS
Released:    2006-07-20

Red Hat has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of system or potentially sensitive information, bypass
certain security restrictions, cause a DoS (Denial of Service), or by
malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/21136/

 --

[SA21153] CASA Unspecified Security Issues

Critical:    Less critical
Where:       Local system
Impact:      Unknown
Released:    2006-07-25

Some security issues with unknown impacts have been reported in CASA.

Full Advisory:
http://secunia.com/advisories/21153/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com


