[ISN] Secunia Weekly Summary - Issue: 2006-35

From: InfoSec News (alerts@private)
Date: Fri Sep 01 2006 - 02:13:12 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-08-24 - 2006-08-31                        

                       This week: 65 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Corporate Website has been Released

Learn more about what Secunia can offer you and your company, see and
download detailed product descriptions, and view comprehensive flash
presentations of both our products and corporate profile.

Visit the Secunia Corporate Website:
http://corporate.secunia.com/


Secunia Vulnerability and Advisory Portal has been Updated

Our publicly available Vulnerability and Advisory Portal
secunia.com has been updated with improved accessibility and usability,
enhanced features, and improved search capabilities along with
availability of extensive product reports.

Over the years, the Secunia brand has become synonymous with credible,
accurate, and reliable vulnerability intelligence and our services
are used by more than 5 million unique users every year at secunia.com.

Visit the Secunia Vulnerability and Advisory Portal:
http://secunia.com/

========================================================================
2) This Week in Brief:

Some vulnerabilities have been reported in Zend Platform, which can be
exploited by malicious people to cause a DoS (Denial of Service),
disclose sensitive information, bypass certain security restrictions,
and potentially compromise a vulnerable system.

Additional details can be found in the referenced Secunia advisory
below.

Reference:
http://secunia.com/SA21573

 --

Some vulnerabilities have been reported in Wireshark, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

The vendor has released an updated version fixing these
vulnerabilities.

Reference:
http://secunia.com/SA21597

 --

VIRUS ALERTS:

During the past week Secunia collected 172 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA21557] Internet Explorer URL Compression Buffer Overflow
2.  [SA21637] Sendmail Long Header Denial of Service Vulnerability
3.  [SA21616] Cisco Firewall Products Unintentional Password
              Modification
4.  [SA21628] Sun Java System Content Delivery Server Arbitrary File
              Disclosure
5.  [SA21622] Sun Solaris update for mozilla
6.  [SA21573] Zend Platform Multiple Vulnerabilities
7.  [SA21617] Cisco VPN 3000 Concentrator FTP Management
              Vulnerabilities
8.  [SA21630] Dell Color Laser Printers Multiple Vulnerabilities
9.  [SA21597] Wireshark Multiple Vulnerabilities
10. [SA21615] ImageMagick XCF and Sun Rasterfile Buffer Overflows

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA21674] JS ASP Faq Manager SQL Injection Vulnerabilities
[SA21670] DUpoll DUpoll.mdb Database Disclosure Security Issue
[SA21669] Freekot Login SQL Injection Vulnerabilities
[SA21645] MyBB Avatar / Attachment Script Insertion Vulnerability
[SA21638] Cybozu Collaborex Arbitrary File Download Vulnerability
[SA21623] Cybozu Office Arbitrary File Download and Information
Disclosure

UNIX/Linux:
[SA21699] Mandriva update for musicbrainz
[SA21682] Gentoo update for wireshark
[SA21675] Debian update for mozilla-firefox
[SA21668] Debian update for libmusicbrainz-2.0
[SA21654] Debian update for mozilla-thunderbird
[SA21649] Mandriva update for wireshark
[SA21639] Gentoo alsaplayer Multiple Buffer Overflow Vulnerabilities
[SA21634] Debian update for mozilla
[SA21631] Red Hat update for seamonkey
[SA21700] Mandriva update for sendmail
[SA21696] Debian update for sendmail
[SA21679] Mandriva update for ImageMagick
[SA21671] rPath update for ImageMagick
[SA21658] Debian update for streamripper
[SA21657] Debian update for ruby1.8
[SA21652] OpenBSD isakmpd IPSec Sequence Number Verification Bypass
[SA21647] Avaya CMS / IR Sun Solaris Sendmail Denial of Service
[SA21641] OpenBSD update for sendmail
[SA21637] Sendmail Long Header Denial of Service Vulnerability
[SA21632] Red Hat update for kdegraphics
[SA21628] Sun Java System Content Delivery Server Arbitrary File
Disclosure
[SA21626] Mandriva update for xorg-x11
[SA21655] OpenBSD update for dhcpd
[SA21629] Gentoo update for heartbeat
[SA21684] Gentoo update for motor
[SA21683] Gentoo update for php
[SA21662] Debian update for kdebase
[SA21660] Gentoo Update for Multiple Packages
[SA21650] X.Org X11 setuid Security Issues
[SA21633] Sun Solaris pkgadd Insecure File Permissions
[SA21685] rPath update for mysql
[SA21627] Mandriva update for MySQL
[SA21642] OpenBSD semaphores Denial of Service Vulnerability

Other:
[SA21630] Dell Color Laser Printers Multiple Vulnerabilities
[SA21705] OpenVMS Session Control Password Disclosure Security Issue
[SA21646] Avaya Products Perl "PERLIO_DEBUG" Privilege Escalation

Cross Platform:
[SA21688] MiniBill "config[include_dir]" Parameter File Inclusion
[SA21681] ExBB Italia "exbb[home_path]" File Inclusion Vulnerability
[SA21676] phpECard "include_path" File Inclusion Vulnerabilities
[SA21661] Ay System WCS "path[ShowProcessHandle]" File Inclusion
[SA21651] AlberT-EasySite "PSA_PATH" File Inclusion Vulnerability
[SA21640] Web3news "PHPSECURITYADMIN_PATH" File Inclusion
[SA21636] Joomla Community Builder Component File Inclusion
[SA21624] phpCOIN "_CCFG[_PKG_PATH_INCL]" File Inclusion
[SA21687] phpGroupWare Local File Inclusion Vulnerability
[SA21667] PmWiki Table Markups Script Insertion Vulnerability
[SA21666] Joomla! Multiple Vulnerabilities
[SA21659] CubeCart Multiple Vulnerabilities
[SA21643] Xoops "user_avatar" Parameter SQL Injection Vulnerability
[SA21625] eFiction Authentication Bypass Vulnerability
[SA21677] MaxDB WebDBM Buffer Overflow Vulnerability
[SA21665] Joomla! "id" Parameter SQL Injection Vulnerability
[SA21664] Cybozu Garoon SQL Injection Vulnerabilities
[SA21663] ModernBill Payment SSL Missing Peer Certificate Verification
[SA21656] Cybozu Products Arbitrary File Download Vulnerability
[SA21648] Fotopholder "path" Cross-Site Scripting Vulnerability
[SA21644] Mambo "id" Parameter SQL Injection Vulnerability
[SA21635] HLstats Multiple Cross-Site Scripting Vulnerabilities
[SA21686] xbiff2 Insecure File Permissions

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA21674] JS ASP Faq Manager SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-30

s3rv3r_hack3r has reported some vulnerabilities in JS ASP Faq Manager,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/21674/

 --

[SA21670] DUpoll DUpoll.mdb Database Disclosure Security Issue

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-30

BoZKuRTSeRDar has discovered a security issue in DUpoll, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21670/

 --

[SA21669] Freekot Login SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-08-31

FarhadKey has discovered two vulnerabilities in Freekot, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21669/

 --

[SA21645] MyBB Avatar / Attachment Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-28

Redworm has discovered a vulnerability in MyBB, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21645/

 --

[SA21638] Cybozu Collaborex Arbitrary File Download Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-28

Cybozu has acknowledged a vulnerability in Cybozu Collaborex, which can
be exploited by malicious users to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/21638/

 --

[SA21623] Cybozu Office Arbitrary File Download and Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-28

Some vulnerabilities have been reported in Cybozu Office, which can be
exploited to gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/21623/


UNIX/Linux:--

[SA21699] Mandriva update for musicbrainz

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-31

Mandriva has issued an update for musicbrainz. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21699/

 --

[SA21682] Gentoo update for wireshark

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-30

Gentoo has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21682/

 --

[SA21675] Debian update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-08-30

Debian has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21675/

 --

[SA21668] Debian update for libmusicbrainz-2.0

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-30

Debian has issued an update for libmusicbrainz-2.0. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21668/

 --

[SA21654] Debian update for mozilla-thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-08-28

Debian has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21654/

 --

[SA21649] Mandriva update for wireshark

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-28

Mandriva has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21649/

 --

[SA21639] Gentoo alsaplayer Multiple Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-28

Gentoo has acknowledged some vulnerabilities in alsaplayer, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21639/

 --

[SA21634] Debian update for mozilla

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-08-29

Debian has issued an update for mozilla. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21634/

 --

[SA21631] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, DoS, System access
Released:    2006-08-28

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting and HTTP
response smuggling attacks, disclose sensitive information and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21631/

 --

[SA21700] Mandriva update for sendmail

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-31

Mandriva has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21700/

 --

[SA21696] Debian update for sendmail

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-31

Debian has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21696/

 --

[SA21679] Mandriva update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-30

Mandriva has issued an update for ImageMagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21679/

 --

[SA21671] rPath update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-30

rPath has issued an update for ImageMagick. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21671/

 --

[SA21658] Debian update for streamripper

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-28

Debian has issued an update for streamripper. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21658/

 --

[SA21657] Debian update for ruby1.8

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-08-28

Debian has issued an update for ruby1.8. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21657/

 --

[SA21652] OpenBSD isakmpd IPSec Sequence Number Verification Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-08-28

A security issue has been reported in OpenBSD, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21652/

 --

[SA21647] Avaya CMS / IR Sun Solaris Sendmail Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-30

Avaya has acknowledged a vulnerability in Avaya CMS and IR, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21647/

 --

[SA21641] OpenBSD update for sendmail

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-28

OpenBSD has issued an update for sendmail. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21641/

 --

[SA21637] Sendmail Long Header Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-08-28

A vulnerability has been reported in Sendmail, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21637/

 --

[SA21632] Red Hat update for kdegraphics

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-28

Red Hat has issued an update for kdegraphics. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21632/

 --

[SA21628] Sun Java System Content Delivery Server Arbitrary File
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-25

A vulnerability has been reported in Sun Java System Content Delivery
Server, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/21628/

 --

[SA21626] Mandriva update for xorg-x11

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-08-25

Mandriva has issued an update for xorg-x11. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21626/

 --

[SA21655] OpenBSD update for dhcpd

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-28

OpenBSD has issued an update for dhcpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21655/

 --

[SA21629] Gentoo update for heartbeat

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-08-25

Gentoo has issued an update for heartbeat. This fixes some
vulnerabilities, which can be exploited by malicious, local users and
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21629/

 --

[SA21684] Gentoo update for motor

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-30

Gentoo has issued an update for motor. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/21684/

 --

[SA21683] Gentoo update for php

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-08-30

Gentoo has issued an update for php. This fixes a vulnerability, which
can be exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21683/

 --

[SA21662] Debian update for kdebase

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-08-28

Debian has issued an update for kdebase. This fixes a vulnerability,
which can be exploited by malicious, local users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/21662/

 --

[SA21660] Gentoo Update for Multiple Packages

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-29

Gentoo has issued an update for multiple packages. This fixes some
security issues, which can be exploited by malicious, local users to
perform certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/21660/

 --

[SA21650] X.Org X11 setuid Security Issues

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-29

Some security issues have been reported in X.Org X11, which can be
exploited by malicious, local users to perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/21650/

 --

[SA21633] Sun Solaris pkgadd Insecure File Permissions

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Privilege escalation
Released:    2006-08-28

A security issue has been reported in Sun Solaris, which can be
exploited by malicious, local users to disclose sensitive information
or gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21633/

 --

[SA21685] rPath update for mysql

Critical:    Not critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-08-30

rPath has issued an update for mysql. This fixes a vulnerability, which
can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21685/

 --

[SA21627] Mandriva update for MySQL

Critical:    Not critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-08-25

Mandriva has issued an update for MySQL. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21627/

 --

[SA21642] OpenBSD semaphores Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-08-28

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21642/


Other:--

[SA21630] Dell Color Laser Printers Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, DoS
Released:    2006-08-28

Some vulnerabilities have been reported in various Dell Color Laser
Printers, which can be exploited by malicious people to bypass certain
security restrictions or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21630/

 --

[SA21705] OpenVMS Session Control Password Disclosure Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-08-31

A security issue has been reported in OpenVMS, which may disclose
sensitive information to malicious, local users.

Full Advisory:
http://secunia.com/advisories/21705/

 --

[SA21646] Avaya Products Perl "PERLIO_DEBUG" Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-08-28

Avaya has acknowledged some vulnerabilities in perl included in Avaya
products, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/21646/


Cross Platform:--

[SA21688] MiniBill "config[include_dir]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-30

the master has discovered a vulnerability in MiniBill, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21688/

 --

[SA21681] ExBB Italia "exbb[home_path]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-30

SHiKaA has discovered a vulnerability in ExBB Italia, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21681/

 --

[SA21676] phpECard "include_path" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-30

Some vulnerabilities have been discovered in phpECard, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21676/

 --

[SA21661] Ay System WCS "path[ShowProcessHandle]" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-28

SHiKaA has discovered some vulnerabilities in Ay System WCS, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21661/

 --

[SA21651] AlberT-EasySite "PSA_PATH" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-28

Kacper has reported a vulnerability in AlberT-EasySite, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21651/

 --

[SA21640] Web3news "PHPSECURITYADMIN_PATH" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-29

SHiKaA has discovered a vulnerability in Web3news, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21640/

 --

[SA21636] Joomla Community Builder Component File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-28

Matdhule has reported a vulnerability in the Community Builder
component for Joomla, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21636/

 --

[SA21624] phpCOIN "_CCFG[_PKG_PATH_INCL]" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-08-25

Timq has discovered some vulnerabilities in phpCOIN, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21624/

 --

[SA21687] phpGroupWare Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-30

Kacper has discovered a vulnerability in phpGroupWare, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21687/

 --

[SA21667] PmWiki Table Markups Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-29

A vulnerability has been reported in PmWiki, which potentially can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21667/

 --

[SA21666] Joomla! Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting
Released:    2006-08-29

Some vulnerabilities have been reported in Joomla!, where some have
unknown impacts, and others can be exploited by malicious people to
conduct cross-site scripting attacks and bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21666/

 --

[SA21659] CubeCart Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2006-08-31

James Bercegay has discovered some vulnerabilities in CubeCart, which
can be exploited by malicious people to conduct cross-site scripting
and SQL injection attacks, and to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21659/

 --

[SA21643] Xoops "user_avatar" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-28

Omid has reported a vulnerability in Xoops, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21643/

 --

[SA21625] eFiction Authentication Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-08-28

Vipsta has discovered a vulnerability in eFiction, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21625/

 --

[SA21677] MaxDB WebDBM Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-08-30

Oliver Karow has reported a vulnerability in MaxDB, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21677/

 --

[SA21665] Joomla! "id" Parameter SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-28

A vulnerability has been discovered in Joomla!, which can be exploited
by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21665/

 --

[SA21664] Cybozu Garoon SQL Injection Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-08-28

Tan Chew Keong has reported some vulnerabilities in Cybozu Garoon,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/21664/

 --

[SA21663] ModernBill Payment SSL Missing Peer Certificate Verification

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-30

Justin Samuel has reported a security issue in ModernBill, which can be
exploited by malicious people to conduct man-in-the-middle (MITM)
attacks.

Full Advisory:
http://secunia.com/advisories/21663/

 --

[SA21656] Cybozu Products Arbitrary File Download Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-08-28

Cybozu has acknowledged a vulnerability in various Cybozu products,
which can be exploited by malicious users to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/21656/

 --

[SA21648] Fotopholder "path" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-28

Vampire has discovered a vulnerability in Fotopholder, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21648/

 --

[SA21644] Mambo "id" Parameter SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-08-28

Omid has discovered a vulnerability in Mambo, which can be exploited by
malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21644/

 --

[SA21635] HLstats Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-08-29

Some vulnerabilities have been discovered in HLstats, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21635/

 --

[SA21686] xbiff2 Insecure File Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-08-30

Thomas Wolff has discovered a security issue in xbiff2, which can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21686/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
HITBSecConf2006 - Malaysia 
The largest network security event in Asia 
32 internationally renowned speakers 
7 tracks of hands-on technical training sessions. 
Register now: http://conference.hitb.org/hitbsecconf2006kl/



This archive was generated by hypermail 2.1.3 : Fri Sep 01 2006 - 02:20:56 PDT