========================================================================
The Secunia Weekly Advisory Summary
2006-08-03 - 2006-08-10
This week: 99 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
60%* of the users of our weekly summary value real-time and filtered
advisories - a solution Secunia provides businesses today through our
commercial products.
We would therefore like to bring your attention upon our commercial
products that will enable you to get real-time and filtered advisories
on vulnerabilities.
Please click on the links below:
The Secunia Security Manager Product:
http://secunia.com/security_manager/?menu=prod
Request An Account:
https://ca.secunia.com/?page=requestaccount&f=wsum
Or send a mail to: sales@private
Or by phone: +45 7020 5144
Stay Secure,
Secunia
*: According to our recent survey.
========================================================================
2) This Week in Brief:
Microsoft has released their monthly security bulletins for August,
which fixes several vulnerabilities in various Microsoft products.
Several of the vulnerabilities fixed have the potential of being
exploited on a broader scale. All users of Microsoft products are
advised to visit Windows Update immediately and apply all available
patches.
Additional details can be found in the referenced Secunia advisories
listed below.
References:
http://secunia.com/SA21396
http://secunia.com/SA21408
http://secunia.com/SA21040
http://secunia.com/SA21415
http://secunia.com/SA20748
http://secunia.com/SA21417
http://secunia.com/SA20825
http://secunia.com/SA20906
http://secunia.com/SA21401
http://secunia.com/SA20384
http://secunia.com/SA21394
http://secunia.com/SA21388
--
VIRUS ALERTS:
During the past week Secunia collected 178 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA20748] Microsoft Windows Hyperlink Object Library
Vulnerabilities
2. [SA21394] Windows DNS Resolution Code Execution Vulnerabilities
3. [SA21360] vBulletin Cross-Site Scripting and Script Insertion
4. [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
5. [SA21253] Mac OS X Security Update Fixes Multiple Vulnerabilities
6. [SA21374] Clam AntiVirus pefromupx() Buffer Overflow Vulnerability
7. [SA21377] Microsoft Windows WMF File Handling Denial of Service
8. [SA21417] Microsoft Windows Two Vulnerabilities
9. [SA21345] DHCP "supersede_lease()" DHCPOFFER Denial of Service
10. [SA21388] Windows Server Service Buffer Overflow Vulnerability
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA21408] Microsoft Visual Basic for Applications Buffer Overflow
[SA21417] Microsoft Windows Two Vulnerabilities
[SA21401] Microsoft Management Console Cross-Site Scripting
[SA21396] Internet Explorer Multiple Vulnerabilities
[SA21394] Windows DNS Resolution Code Execution Vulnerabilities
[SA21431] CLUB-Nuke [XP] SQL Injection Vulnerabilities
[SA21418] OpenMPT Buffer Overflow Vulnerabilities
[SA21411] Novell GroupWise WebAccess Multiple Vulnerabilities
[SA21397] YenerTurk Haber Script "id" SQL Injection Vulnerability
[SA21348] Lhaz LZH File Handling Buffer Overflow Vulnerabilities
[SA21388] Windows Server Service Buffer Overflow Vulnerability
[SA21415] Windows Kernel Privilege Escalation Vulnerability
[SA21377] Microsoft Windows WMF File Handling Denial of Service
UNIX/Linux:
[SA21457] SUSE update for clamav
[SA21433] Mandriva update for clamav
[SA21422] AlsaPlayer Multiple Buffer Overflow Vulnerabilities
[SA21419] Ubuntu update for libwmf
[SA21405] Gentoo update for x11vnc
[SA21393] x11vnc Authentication Bypass Vulnerability
[SA21384] DConnect Daemon Multiple Vulnerabilities
[SA21368] Gentoo update for clamav
[SA21361] Gentoo update for mozilla-firefox
[SA21358] Gentoo update for mozilla-thunderbird
[SA21349] Gentoo update for libvncserver
[SA21343] Gentoo update for seamonkey
[SA21437] Mandriva update for ncompress
[SA21434] Debian update for ncompress
[SA21427] ncompress "decompress()" Buffer Overflow Vulnerability
[SA21416] Gentoo update for dumb
[SA21392] Mandriva update for libtiff
[SA21385] rPath update for freetype
[SA21378] Gentoo update for gnupg
[SA21370] Gentoo update for tiff
[SA21365] Gentoo updates for webmin/usermin
[SA21362] Gentoo update for pike
[SA21352] Debian update for freeciv
[SA21351] Debian update for gnupg2
[SA21350] Gentoo update for courier
[SA21346] Trustix updates for multiple packages
[SA21453] Sun Solaris "drain_squeue()" Denial of Service
[SA21406] Debian update for chmlib
[SA21400] Debian update for mantis
[SA21399] Red Hat update for apache
[SA21369] Linux Kernel Ext3 Invalid Inode Number Denial of Service
[SA21363] Debian update for dhcp
[SA21345] DHCP "supersede_lease()" DHCPOFFER Denial of Service
[SA21456] rPath update for krb5
[SA21441] Mandriva update for krb5
[SA21439] Debian update for krb5
[SA21436] Heimdal setuid Security Issue
[SA21428] LessTif "DEBUG_FILE" Privilege Escalation Vulnerability
[SA21423] Red Hat update for krb5
[SA21402] Kerberos V5 setuid Security Issue
[SA21398] Sun Ray Server Software utxconfig Privilege Escalation
[SA21382] rPath update for mysql
[SA21366] Gentoo update for mysql
[SA21341] Debian update for cfs
Other:
[SA21372] Linksys WRT54G Configuration Manipulation and Request
Forgery
Cross Platform:
[SA21460] See-Commerce "path" File Inclusion Vulnerability
[SA21432] Comet WebFileManager "Language" File Inclusion Vulnerability
[SA21430] hitweb "REP_INC" File Inclusion Vulnerability
[SA21414] SAPID Shop "root_path" File Inclusion Vulnerability
[SA21413] SAPID Gallery "root_path" File Inclusion Vulnerabilities
[SA21412] docpile:we "INIT_PATH" File Inclusion Vulnerabilities
[SA21410] SAPID CMS "root_path" File Inclusion Vulnerability
[SA21407] phNNTP "file_newsportal" File Inclusion Vulnerability
[SA21395] NEWSolved Lite "abs_path" File Inclusion Vulnerability
[SA21391] Visual Events Calendar "cfg_dir" File Inclusion
Vulnerability
[SA21389] Joomla JD-Wiki Component File Inclusion Vulnerability
[SA21386] phpCodeCabinet "BEAUT_PATH" File Inclusion Vulnerability
[SA21375] Torbstoff News "pfad" File Inclusion Vulnerability
[SA21374] Clam AntiVirus pefromupx() Buffer Overflow Vulnerability
[SA21373] phpAutoMembersArea "installed_config_file" File Inclusion
[SA21371] PHP Simple Shop "abs_path" File Inclusion Vulnerability
[SA21359] ME Download System File Inclusion Vulnerabilities
[SA21353] ZoneX Publishers Gold Edition "phpbb_root_path" File
Inclusion
[SA21342] sendcard Multiple Vulnerabilities
[SA21451] PHPMyRing "idsite" SQL Injection Vulnerability
[SA21435] Drupal Bibliography Module Cross-Site Scripting and SQL
Injection
[SA21429] Simple one-file guestbook Authentication Bypass
[SA21409] XennoBB profile.php SQL Injection Vulnerabilities
[SA21380] Drupal Jobsearch Module SQL Injection Vulnerability
[SA21379] The Address Book Reloaded Login SQL Injection
Vulnerabilities
[SA21376] myBloggie SQL Injection and Table Prefix Disclosure
[SA21367] Festalon HES File Handling Heap Corruption Vulnerability
[SA21364] The Address Book Login SQL Injection Vulnerabilities
[SA21360] vBulletin Cross-Site Scripting and Script Insertion
[SA21357] GästeChaos Script Insertion and SQL Injection
Vulnerabilities
[SA21356] CounterChaos "Referer" HTTP Header SQL Injection
[SA21355] GeheimChaos Multiple SQL Injection Vulnerabilities
[SA21347] Netious CMS SQL Injection and Session Hijacking
[SA21438] MojoGallery "admin.cgi" Cross-Site Scripting Vulnerabilities
[SA21390] Simplog "keyw" Cross-Site Scripting Vulnerability
[SA21387] DeluxeBB pm.php Authentication Bypass Vulnerability
[SA21383] CakePHP error.php Cross-Site Scripting Vulnerability
[SA21381] Drupal Recipe Module Script Insertion Vulnerability
[SA21344] toendaCMS "s" Cross-Site Scripting Vulnerability
[SA21421] ColdFusion AdminAPI Authentication Bypass
[SA21403] PHP "sscanf()" Code Execution Safe Mode Bypass
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA21408] Microsoft Visual Basic for Applications Buffer Overflow
Critical: Extremely critical
Where: From remote
Impact: System access
Released: 2006-08-08
A vulnerability has been reported in Microsoft Visual Basic for
Applications, which can be exploited by malicious people to compromise
a user's system.
Full Advisory:
http://secunia.com/advisories/21408/
--
[SA21417] Microsoft Windows Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Privilege escalation, System access
Released: 2006-08-08
Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious, local users to gain escalated privileges and
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21417/
--
[SA21401] Microsoft Management Console Cross-Site Scripting
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2006-08-08
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/21401/
--
[SA21396] Internet Explorer Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access
Released: 2006-08-08
Multiple vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to gain knowledge of certain
information or compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21396/
--
[SA21394] Windows DNS Resolution Code Execution Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-08
Some vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21394/
--
[SA21431] CLUB-Nuke [XP] SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-09
ASIANEAGLE has reported two vulnerabilities in CLUB-Nuke [XP], which
can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21431/
--
[SA21418] OpenMPT Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-09
Luigi Auriemma has reported some vulnerabilities in OpenMPT, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21418/
--
[SA21411] Novell GroupWise WebAccess Multiple Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-08
Some vulnerabilities have been reported in Novell GroupWise, which can
be exploited by malicious people to conduct cross-site scripting and
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/21411/
--
[SA21397] YenerTurk Haber Script "id" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-08
ASIANEAGLE has reported a vulnerability in YenerTurk Haber Script,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/21397/
--
[SA21348] Lhaz LZH File Handling Buffer Overflow Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2006-08-07
Tan Chew Keong has reported two vulnerabilities in Lhaz, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21348/
--
[SA21388] Windows Server Service Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2006-08-08
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21388/
--
[SA21415] Windows Kernel Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-08
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/21415/
--
[SA21377] Microsoft Windows WMF File Handling Denial of Service
Critical: Not critical
Where: From remote
Impact: DoS
Released: 2006-08-07
cyanid-E has discovered a vulnerability in Microsoft Windows, which can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/21377/
UNIX/Linux:--
[SA21457] SUSE update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-10
SUSE has issued an update for clamav. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21457/
--
[SA21433] Mandriva update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-09
Mandriva has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21433/
--
[SA21422] AlsaPlayer Multiple Buffer Overflow Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-10
Luigi Auriemma has reported some vulnerabilities in AlsaPlayer, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/21422/
--
[SA21419] Ubuntu update for libwmf
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-09
Ubuntu has issued an update for libwmf. This fixes a vulnerability,
which can be exploited by malicious people to compromise an application
using the library.
Full Advisory:
http://secunia.com/advisories/21419/
--
[SA21405] Gentoo update for x11vnc
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2006-08-08
Gentoo has issued an update for x11vnc. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/21405/
--
[SA21393] x11vnc Authentication Bypass Vulnerability
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2006-08-08
A vulnerability has been reported in x11vnc, which can be exploited by
malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/21393/
--
[SA21384] DConnect Daemon Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-07
Luigi Auriemma has reported some vulnerabilities in DConnect Daemon,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21384/
--
[SA21368] Gentoo update for clamav
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-08
Gentoo has issued an update for clamav. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21368/
--
[SA21361] Gentoo update for mozilla-firefox
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2006-08-04
Gentoo has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21361/
--
[SA21358] Gentoo update for mozilla-thunderbird
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2006-08-04
Gentoo has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21358/
--
[SA21349] Gentoo update for libvncserver
Critical: Highly critical
Where: From remote
Impact: Security Bypass
Released: 2006-08-04
Gentoo has issued an update for libvncserver. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.
Full Advisory:
http://secunia.com/advisories/21349/
--
[SA21343] Gentoo update for seamonkey
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, DoS, System access
Released: 2006-08-04
Gentoo has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21343/
--
[SA21437] Mandriva update for ncompress
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-10
Mandriva has issued an update for ncompress. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21437/
--
[SA21434] Debian update for ncompress
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-10
Debian has issued an update for ncompress. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21434/
--
[SA21427] ncompress "decompress()" Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-10
Tavis Ormandy has reported a vulnerability in ncompress, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21427/
--
[SA21416] Gentoo update for dumb
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-09
Gentoo has issued an update for dumb. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/21416/
--
[SA21392] Mandriva update for libtiff
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-08
Mandriva has issued an update for libtiff. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21392/
--
[SA21385] rPath update for freetype
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-08
rPath has issued an update for freetype. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise applications using
the library.
Full Advisory:
http://secunia.com/advisories/21385/
--
[SA21378] Gentoo update for gnupg
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-08-07
Gentoo has issued an update for gnupg. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/21378/
--
[SA21370] Gentoo update for tiff
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-07
Gentoo has issued an update for tiff. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21370/
--
[SA21365] Gentoo updates for webmin/usermin
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2006-08-07
Gentoo has issued updates for webmin and usermin. These fix a
vulnerability, which can be exploited by malicious people to disclose
potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/21365/
--
[SA21362] Gentoo update for pike
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-07
Gentoo has issued an update for pike. This fixes a vulnerability, which
potentially can be exploited by malicious people to conduct SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/21362/
--
[SA21352] Debian update for freeciv
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-08-04
Debian has issued an update for freeciv. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/21352/
--
[SA21351] Debian update for gnupg2
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-08-04
Debian has issued an update for gnupg2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/21351/
--
[SA21350] Gentoo update for courier
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2006-08-04
Gentoo has issued an update for courier. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/21350/
--
[SA21346] Trustix updates for multiple packages
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-04
Trustix has issued updates for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21346/
--
[SA21453] Sun Solaris "drain_squeue()" Denial of Service
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2006-08-10
A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/21453/
--
[SA21406] Debian update for chmlib
Critical: Less critical
Where: From remote
Impact: System access
Released: 2006-08-08
Debian has issued an update for chmlib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/21406/
--
[SA21400] Debian update for mantis
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-08
Debian has issued an update for mantis. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/21400/
--
[SA21399] Red Hat update for apache
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-09
Red Hat has issued an update for apache. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/21399/
--
[SA21369] Linux Kernel Ext3 Invalid Inode Number Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-08-07
James McKenzie has reported a vulnerability in Linux Kernel, which can
be exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/21369/
--
[SA21363] Debian update for dhcp
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-08-04
Debian has issued an update for dhcp. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/21363/
--
[SA21345] DHCP "supersede_lease()" DHCPOFFER Denial of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2006-08-04
A vulnerability has been reported in ISC DHCP, which can be exploited
by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/21345/
--
[SA21456] rPath update for krb5
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-10
rPath has issued an update for krb5. This fixes a security issue, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/21456/
--
[SA21441] Mandriva update for krb5
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-10
Mandriva has issued an update for krb5. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/21441/
--
[SA21439] Debian update for krb5
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-09
Debian has issued an update for krb5. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/21439/
--
[SA21436] Heimdal setuid Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-09
A security issue has been reported in Heimdal, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
Full Advisory:
http://secunia.com/advisories/21436/
--
[SA21428] LessTif "DEBUG_FILE" Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-09
Karol Wiesek has reported a vulnerability in LessTif, which can be
exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/21428/
--
[SA21423] Red Hat update for krb5
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-09
Red Hat has issued an update for krb5. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Full Advisory:
http://secunia.com/advisories/21423/
--
[SA21402] Kerberos V5 setuid Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-09
A security issue has been reported in Kerberos, which potentially can
be exploited by malicious, local users to perform certain actions with
escalated privileges.
Full Advisory:
http://secunia.com/advisories/21402/
--
[SA21398] Sun Ray Server Software utxconfig Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2006-08-09
A vulnerability has been reported in Sun Ray Server Software, which can
be exploited by malicious, local users to perform certain actions with
escalated privileges.
Full Advisory:
http://secunia.com/advisories/21398/
--
[SA21382] rPath update for mysql
Critical: Not critical
Where: From local network
Impact: Security Bypass
Released: 2006-08-08
rPath has issued an update for mysql. This fixes a vulnerability, which
can be exploited by malicious users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/21382/
--
[SA21366] Gentoo update for mysql
Critical: Not critical
Where: From local network
Impact: DoS
Released: 2006-08-07
Gentoo has issued an update for mysql. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/21366/
--
[SA21341] Debian update for cfs
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2006-08-04
Debian has issued an update for cfs. This fixes a vulnerability, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/21341/
Other:--
[SA21372] Linksys WRT54G Configuration Manipulation and Request
Forgery
Critical: Less critical
Where: From remote
Impact: Hijacking, Manipulation of data
Released: 2006-08-07
Ginsu Rabbit has reported a vulnerability and a security issue in
Linksys WRT54G, which can be exploited by malicious people to conduct
cross-site request forgery attacks and manipulate the configuration.
Full Advisory:
http://secunia.com/advisories/21372/
Cross Platform:--
[SA21460] See-Commerce "path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-10
Drago84 has reported a vulnerability in See-Commerce, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21460/
--
[SA21432] Comet WebFileManager "Language" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-09
Philipp Niedziela has discovered a vulnerability in Comet
WebFileManager, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21432/
--
[SA21430] hitweb "REP_INC" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-10
Drago84 has reported a vulnerability in hitweb, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21430/
--
[SA21414] SAPID Shop "root_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-08
Kacper has discovered a vulnerability in SAPID Shop, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21414/
--
[SA21413] SAPID Gallery "root_path" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-08
Kacper has discovered some vulnerabilities in SAPID Gallery, which can
be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21413/
--
[SA21412] docpile:we "INIT_PATH" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-09
Some vulnerabilities have been discovered in docpile:we, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21412/
--
[SA21410] SAPID CMS "root_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-08
Simo64 has discovered some vulnerabilities in SAPID CMS, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21410/
--
[SA21407] phNNTP "file_newsportal" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-09
Tr_ZiNDaN has reported a vulnerability in phNNTP, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21407/
--
[SA21395] NEWSolved Lite "abs_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-08
Philipp Niedziela has discovered a vulnerability in NEWSolved Lite,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21395/
--
[SA21391] Visual Events Calendar "cfg_dir" File Inclusion
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-08
x0r0n has discovered a vulnerability in Visual Events Calendar, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21391/
--
[SA21389] Joomla JD-Wiki Component File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-08
jank0 has reported a vulnerability in the JD-Wiki component for Joomla,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21389/
--
[SA21386] phpCodeCabinet "BEAUT_PATH" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-07
Minion has discovered a vulnerability in phpCodeCabinet, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21386/
--
[SA21375] Torbstoff News "pfad" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-07
SHiKaA has discovered a vulnerability in Torbstoff News, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21375/
--
[SA21374] Clam AntiVirus pefromupx() Buffer Overflow Vulnerability
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-07
Damian Put has discovered a vulnerability in Clam AntiVirus, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21374/
--
[SA21373] phpAutoMembersArea "installed_config_file" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-07
Philipp Niedziela has reported a vulnerability in phpAutoMembersArea,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21373/
--
[SA21371] PHP Simple Shop "abs_path" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-07
Ahmad Maulana has reported a vulnerability in PHP Simple Shop, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21371/
--
[SA21359] ME Download System File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-04
Some vulnerabilities have been discovered in ME Download System, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21359/
--
[SA21353] ZoneX Publishers Gold Edition "phpbb_root_path" File
Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2006-08-04
x0r0n has discovered a vulnerability in ZoneX Publishers Gold Edition,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21353/
--
[SA21342] sendcard Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information, System
access
Released: 2006-08-04
rgod has reported some vulnerabilities in sendcard, which can be
exploited by malicious users to disclose certain sensitive information,
and by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/21342/
--
[SA21451] PHPMyRing "idsite" SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-10
Simo64 has reported a vulnerability in PHPMyRing, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21451/
--
[SA21435] Drupal Bibliography Module Cross-Site Scripting and SQL
Injection
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Cross Site Scripting, Manipulation of
data
Released: 2006-08-09
Some vulnerabilities have been reported in the Bibliography module for
Drupal, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21435/
--
[SA21429] Simple one-file guestbook Authentication Bypass
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2006-08-09
Omnipresent has discovered a vulnerability in Simple one-file
guestbook, which can be exploited by malicious people to bypass certain
security restrictions.
Full Advisory:
http://secunia.com/advisories/21429/
--
[SA21409] XennoBB profile.php SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-08
Chris Boulton has discovered some vulnerabilities in XennoBB, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21409/
--
[SA21380] Drupal Jobsearch Module SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-08
A vulnerability has been reported in the Jobsearch Module for Drupal,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/21380/
--
[SA21379] The Address Book Reloaded Login SQL Injection
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2006-08-07
Two vulnerabilities have been reported in The Address Book Reloaded,
which can be exploited by malicious people to conduct SQL injection
attacks.
Full Advisory:
http://secunia.com/advisories/21379/
--
[SA21376] myBloggie SQL Injection and Table Prefix Disclosure
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of system information
Released: 2006-08-07
rgod has discovered some vulnerabilities and a weakness in myBloggie,
which can be exploited by malicious people to disclose system
information and conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21376/
--
[SA21367] Festalon HES File Handling Heap Corruption Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2006-08-07
Luigi Auriemma has reported a vulnerability in Festalon, which
potentially can be exploited by malicious people to compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/21367/
--
[SA21364] The Address Book Login SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Manipulation of data
Released: 2006-08-07
Two vulnerabilities have been discovered in The Address Book, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21364/
--
[SA21360] vBulletin Cross-Site Scripting and Script Insertion
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-04
Some vulnerabilities have been reported in vBulletin, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.
Full Advisory:
http://secunia.com/advisories/21360/
--
[SA21357] GästeChaos Script Insertion and SQL Injection
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Released: 2006-08-04
Tamriel has discovered some vulnerabilities in GästeChaos, which can be
exploited by malicious people to conduct script insertion and SQL
injection attacks.
Full Advisory:
http://secunia.com/advisories/21357/
--
[SA21356] CounterChaos "Referer" HTTP Header SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-04
Tamriel has discovered a vulnerability in CounterChaos, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21356/
--
[SA21355] GeheimChaos Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Released: 2006-08-04
Tamriel has discovered some vulnerabilities in GeheimChaos, which can
be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21355/
--
[SA21347] Netious CMS SQL Injection and Session Hijacking
Critical: Moderately critical
Where: From remote
Impact: Hijacking, Security Bypass, Manipulation of data
Released: 2006-08-07
Jacek Wlodarczyk has discovered two vulnerabilities in Netious CMS,
which can be exploited by malicious people to hijack user sessions and
conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21347/
--
[SA21438] MojoGallery "admin.cgi" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-09
tugra and alp_eren have reported some vulnerabilities in MojoGallery,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/21438/
--
[SA21390] Simplog "keyw" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-08
HeLiOsZ has discovered a vulnerability in Simplog, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/21390/
--
[SA21387] DeluxeBB pm.php Authentication Bypass Vulnerability
Critical: Less critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
Released: 2006-08-08
Attila Gerendi has discovered a vulnerability in DeluxeBB, which can be
exploited by malicious people to bypass certain security restrictions
and disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/21387/
--
[SA21383] CakePHP error.php Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-07
A vulnerability has been reported in CakePHP, which can be exploited by
malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/21383/
--
[SA21381] Drupal Recipe Module Script Insertion Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-08
A vulnerability has been reported in the Recipe Module for Drupal,
which can be exploited by malicious users to conduct script insertion
attacks.
Full Advisory:
http://secunia.com/advisories/21381/
--
[SA21344] toendaCMS "s" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2006-08-04
David Vieira-Kurz has discovered a vulnerability in toendaCMS, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/21344/
--
[SA21421] ColdFusion AdminAPI Authentication Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-08-09
A security issue has been reported in ColdFusion, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/21421/
--
[SA21403] PHP "sscanf()" Code Execution Safe Mode Bypass
Critical: Less critical
Where: Local system
Impact: Security Bypass
Released: 2006-08-08
Heintz has discovered a vulnerability in PHP, which potentially can be
exploited by malicious, local users to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/21403/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Aug 10 2006 - 23:08:16 PDT