========================================================================

                  The Secunia Weekly Advisory Summary
                        2006-09-08 - 2006-09-15

                       This week: 133 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Corporate Website has been Released

Learn more about what Secunia can offer you and your company, see and
download detailed product descriptions, and view comprehensive flash
presentations of both our products and corporate profile.

Visit the Secunia Corporate Website:
http://corporate.secunia.com/


Secunia Vulnerability and Advisory Portal has been Updated

Our publicly available Vulnerability and Advisory Portal secunia.com
has been updated with improved accessibility and usability, enhanced
features, and improved search capabilities, along with availability of
extensive product reports.

Over the years, the Secunia brand has become synonymous with credible,
accurate, and reliable vulnerability intelligence, and our services are
used by more than 5 million unique users every year at secunia.com.

Visit the Secunia Vulnerability and Advisory Portal:
http://secunia.com/

========================================================================
2) This Week in Brief:

A new vulnerability has been identified in Internet Explorer. The
vulnerability is in the daxctle.ocx ActiveX component and allows
malicious people to compromise a vulnerable system.

Secunia has successfully created an exploit which works on fully
patched Windows XP SP2 systems.
The exploit will not be released to the public; only Secunia Exploit
Code customers will have access to it.
http://corporate.secunia.com/security_vendors/46/

Additional details about the vulnerability can be found in the
referenced Secunia advisory below.

Reference:
http://secunia.com/SA21910

--

VIRUS ALERTS:

During the past week Secunia collected 224 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA21735] Microsoft Word 2000 Unspecified Code Execution Vulnerability
2.  [SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability
3.  [SA21865] Adobe Flash Player Multiple Vulnerabilities
4.  [SA21893] Apple QuickTime Multiple Vulnerabilities
5.  [SA21906] Mozilla Firefox Multiple Vulnerabilities
6.  [SA21794] avast! LHA Archive Processing Buffer Overflow Vulnerability
7.  [SA21884] Symantec Products Alert Notification Two Vulnerabilities
8.  [SA21851] Microsoft Windows Pragmatic General Multicast Code Execution
9.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
10. [SA21795] Ipswitch IMail Server SMTP Service Buffer Overflow Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability
[SA21893] Apple QuickTime Multiple Vulnerabilities
[SA21863] Microsoft Publisher Font Parsing Buffer Overflow Vulnerability
[SA21834] ICQ Pro 2003b "MCRegEx__Search" Buffer Overflow Vulnerability
[SA21833] RaidenHTTPD "SoftParserFileXml" File Inclusion Vulnerability
[SA21918] TualBLOG "icerikno" Parameter SQL Injection Vulnerability
[SA21862] vCAP Multiple Vulnerabilities
[SA21851] Microsoft Windows Pragmatic General Multicast Code Execution
[SA21844] TFTP Server MT Absolute Path Construction Buffer Overflow
[SA21946] Snitz Forums 2000 "sortorder" Parameter Cross-Site Scripting
[SA21861] Microsoft Windows Indexing Service Cross-Site Scripting
[SA21846] OpenVPN OpenSSL RSA Signature Forgery
[SA21809] ICQ Toolbar RSS Feeds Script Insertion Vulnerabilities
[SA21884] Symantec Products Alert Notification Two Vulnerabilities
[SA21938] Symantec Norton Personal Firewall Denial of Service

UNIX/Linux:
[SA21950] rPath updates for firefox and thunderbird
[SA21949] Red Hat update for firefox
[SA21936] Gentoo update for dokuwiki
[SA21920] Shadowed Portal "root" File Inclusion Vulnerabilities
[SA21916] Red Hat update for thunderbird
[SA21915] Red Hat update for seamonkey
[SA21901] Red Hat update for flash-plugin
[SA21885] Red Hat update for wireshark
[SA21842] Mandriva update for php
[SA21813] Debian update for ethereal
[SA21934] Ubuntu update for kernel
[SA21926] Slackware update for bind
[SA21921] Gentoo update for ffmpeg
[SA21912] Gentoo update for bind
[SA21905] Debian update for isakmpd
[SA21880] Red Hat update for ncompress
[SA21879] Ubuntu update for mailman
[SA21872] iodine Unspecified Security Problems
[SA21869] Gentoo update for adplug
[SA21847] SUSE Update for Multiple Packages
[SA21838] rPath update for bind
[SA21835] OpenBSD update for BIND
[SA21832] SUSE update for ImageMagick
[SA21828] Debian update for bind9
[SA21818] Mandriva update for bind
[SA21816] Ubuntu update for bind9
[SA21942] Red Hat update for gnutls
[SA21937] GnuTLS RSA Signature Forgery Vulnerability
[SA21927] Slackware update for openssl
[SA21900] Red Hat update for XFree86
[SA21873] Debian update for openssl096
[SA21852] Debian update for openssl
[SA21848] SUSE update for apache2
[SA21837] rPath update for mailman
[SA21823] Gentoo update for openssl
[SA21820] Linux Kernel ULE Packet Handling Denial of Service
[SA21812] OpenBSD update for OpenSSL
[SA21924] Mandriva update for xorg-x11
[SA21908] Gentoo update for libXfont
[SA21904] rPath update for xorg-x11
[SA21894] Ubuntu updates for libxfont / xorg
[SA21890] XFree86 CID Encoded Fonts Integer Overflows
[SA21889] Red Hat update for xorg-x11
[SA21871] AlphaMail Password Disclosure Security Issue
[SA21864] X11 libXfont CID Encoded Fonts Integer Overflows
[SA21856] Unixware libX11 Buffer Overflow Vulnerability
[SA21845] X11 "_XKB_CHARSET" Buffer Overflow Vulnerability
[SA21815] Sun Solaris libX11 Buffer Overflow Vulnerability
[SA21919] Gentoo update for xine-lib
[SA21928] HP-UX X.25 Denial of Service Vulnerability
[SA21909] HP-UX ARPA Transport Software Denial of Service
[SA21867] Roxio Toast Titanium Insecure Temporary File Creation

Other:
[SA21876] NetPerformer Products Denial of Service Vulnerabilities
[SA21836] Avaya Products XFree86 Vulnerability
[SA21896] Cisco IOS VTP Multiple Vulnerabilities
[SA21930] Ingate Firewall and SIParator OpenSSL Vulnerability
[SA21870] Avaya Products OpenSSL Vulnerability
[SA21902] Cisco CatOS VTP Configuration Revision Handling Vulnerability
[SA21898] Avaya PDS HP-UX LP Subsystem Denial of Service
[SA21925] Sun StorEdge 6130 Array Denial of Service Security Issue

Cross Platform:
[SA21948] Dokeos "extAuthSource['newUser']" File Inclusion Vulnerability
[SA21943] Mambo Serverstat Component File Inclusion Vulnerability
[SA21940] Mozilla SeaMonkey Multiple Vulnerabilities
[SA21939] Mozilla Thunderbird Multiple Vulnerabilities
[SA21933] TeamCal "tc_config[app_root]" File Inclusion Vulnerability
[SA21931] Claroline "extAuthSource['newUser']" File Inclusion Vulnerability
[SA21914] Downstat "art" File Inclusion Vulnerability
[SA21906] Mozilla Firefox Multiple Vulnerabilities
[SA21897] phpunity.postcard "gallery_path" Parameter File Inclusion
[SA21892] Quicksilver Forums "set[include_path]" File Inclusion Vulnerability
[SA21891] p4CMS "abs_pfad" File Inclusion Vulnerability
[SA21887] Magic News Pro "script_path" File Inclusion Vulnerability
[SA21886] SQL-Ledger "terminal" Parameter Perl Code Execution
[SA21882] Vitrax Premodded "phpbb_root_path" File Inclusion Vulnerability
[SA21878] signkorn Guestbook "dir_path" File Inclusion Vulnerability
[SA21874] OPENi-CMS "config[openi_dir]" Parameter File Inclusion
[SA21868] PayProCart Multiple File Inclusion Vulnerabilities
[SA21865] Adobe Flash Player Multiple Vulnerabilities
[SA21857] Socketwiz Bookmarks "root_dir" File Inclusion Vulnerability
[SA21855] Vivvo Article Management CMS SQL Injection and File Inclusion
[SA21850] mcGalleryPRO "path_to_folder" File Inclusion Vulnerability
[SA21841] phpBB XS "phpbb_root_path" File Inclusion Vulnerability
[SA21826] Stefan E. Newsscript Multiple Vulnerabilities
[SA21825] Somery "skindir" File Inclusion Vulnerability
[SA21824] LedgerSMB "terminal" Parameter Perl Code Execution
[SA21819] DokuWiki "TARGET_FN" Directory Traversal Vulnerability
[SA21817] MyABraCaDaWeb "base" File Inclusion Vulnerabilities
[SA21922] NX5Linx Multiple Vulnerabilities
[SA21899] Moodle Multiple Vulnerabilities
[SA21881] webSPELL Authentication Bypass and SQL Injection
[SA21875] phpMyDirectory "letter" Cross-Site Scripting and SQL Injection
[SA21866] ColdFusion Denial of Service and Sandbox Bypass
[SA21860] CMS.R Login SQL Injection Vulnerabilities
[SA21853] KorviBlog "livre_or.php" Script Insertion Vulnerabilities
[SA21849] PHProg Multiple Vulnerabilities
[SA21843] CCleague Pro "language" Parameter Local File Inclusion
[SA21840] XSP Directory Traversal Vulnerability
[SA21831] Timesheet PHP "username" Parameter SQL Injection
[SA21830] PHP-Fusion "maincore.php" SQL Injection Vulnerability
[SA21829] TWiki "filename" Parameter Disclosure of Sensitive Information
[SA21822] ccHost File ID SQL Injection Vulnerability
[SA21814] Runcms SQL Injection Vulnerabilities
[SA21811] Drupal Pubcookie Module Login Security Bypass
[SA21808] BLOG:CMS SQL Injection Vulnerabilities
[SA21917] HP OpenView Operations Apache Chunked Encoding Vulnerability
[SA21935] Blojsom Multiple Script Insertion Vulnerabilities
[SA21913] Nuked-Klan Cross-Site Scripting and Cross-Site Request Forgery
[SA21907] Drupal Userreview Module Cross-Site Scripting Vulnerability
[SA21903] Network Security Services (NSS) Signature Forgery Vulnerability
[SA21895] PHP Event Calendar Add Event Script Insertion Vulnerabilities
[SA21883] emuCMS "query" and "page" Cross-Site Scripting Vulnerabilities
[SA21877] XHP CMS "errcode" Cross-Site Scripting Vulnerability
[SA21858] ColdFusion Error Page Cross-Site Scripting Vulnerability
[SA21839] Firefox Sage Extension RSS Feed Script Insertion Vulnerability
[SA21821] MKPortal "index.php" Cross-Site Scripting Vulnerability
[SA21810] ackerTodo "task_id" Cross-Site Scripting Vulnerability
[SA21888] Novell Identity Manager Shell Scripts Command Injection
[SA21827] IBM Director OpenSSL Potential SSL 2.0 Rollback Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:
--

[SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-09-14

nop has discovered a vulnerability in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21910/

--

[SA21893] Apple QuickTime Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-13

Multiple vulnerabilities have been reported in Apple QuickTime, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21893/

--

[SA21863] Microsoft Publisher Font Parsing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-12

Stuart Pearson has reported a vulnerability in Microsoft Publisher,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/21863/

--

[SA21834] ICQ Pro 2003b "MCRegEx__Search" Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-08

Core Security Technologies has reported a vulnerability in ICQ Pro
2003b, which can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/21834/

--

[SA21833] RaidenHTTPD "SoftParserFileXml" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-11

rgod has discovered a vulnerability in RaidenHTTPD, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21833/

--

[SA21918] TualBLOG "icerikno" Parameter SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-09-14

Dj ReMix has discovered a vulnerability in TualBLOG, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21918/

--

[SA21862] vCAP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
             Exposure of sensitive information, DoS
Released:    2006-09-12

Some vulnerabilities have been discovered in vCAP, which can be
exploited by malicious people to disclose sensitive information,
conduct cross-site scripting attacks, or cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21862/

--

[SA21851] Microsoft Windows Pragmatic General Multicast Code Execution

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-09-12

A vulnerability has been reported in Microsoft Windows XP, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21851/

--

[SA21844] TFTP Server MT Absolute Path Construction Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-09-12

n00b has discovered a vulnerability in TFTP Server MT, which
potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/21844/

--

[SA21946] Snitz Forums 2000 "sortorder" Parameter Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-15

ajann has reported a vulnerability in Snitz Forums 2000, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21946/

--

[SA21861] Microsoft Windows Indexing Service Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-12

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21861/

--

[SA21846] OpenVPN OpenSSL RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-12

A vulnerability has been reported in OpenVPN, which potentially can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21846/

--

[SA21809] ICQ Toolbar RSS Feeds Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-08

Core Security Technologies has discovered two vulnerabilities in ICQ
Toolbar, which can be exploited by malicious people to conduct script
insertion attacks.

Full Advisory:
http://secunia.com/advisories/21809/

--

[SA21884] Symantec Products Alert Notification Two Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2006-09-14

Some vulnerabilities have been reported in Symantec Client Security and
Symantec AntiVirus Corporate Edition, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) or gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/21884/

--

[SA21938] Symantec Norton Personal Firewall Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-09-15

David Matousek has discovered a vulnerability in Symantec Norton
Personal Firewall, which can be exploited by malicious, local users to
cause a Denial of Service.

Full Advisory:
http://secunia.com/advisories/21938/


UNIX/Linux:
--

[SA21950] rPath updates for firefox and thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
             System access
Released:    2006-09-15

rPath has issued updates for firefox and thunderbird. These fix some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle, spoofing, and cross-site scripting attacks, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21950/

--

[SA21949] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
             System access
Released:    2006-09-15

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle, spoofing, and cross-site scripting attacks, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21949/

--

[SA21936] Gentoo update for dokuwiki

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-15

Gentoo has issued an update for dokuwiki. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/21936/

--

[SA21920] Shadowed Portal "root" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-15

mad_hacker has discovered some vulnerabilities in Shadowed Portal,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21920/

--

[SA21916] Red Hat update for thunderbird

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-09-15

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle attacks, bypass certain security restrictions, and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21916/

--

[SA21915] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS, System access
Released:    2006-09-15

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
spoofing attacks, bypass certain security restrictions, and potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21915/

--

[SA21901] Red Hat update for flash-plugin

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-09-13

Red Hat has issued an update for flash-plugin. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/21901/

--

[SA21885] Red Hat update for wireshark

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-13

Red Hat has issued an update for wireshark.
This fixes some vulnerabilities, which can be exploited by malicious
people to cause a DoS (Denial of Service) and potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/21885/

--

[SA21842] Mandriva update for php

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-09-11

Mandriva has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions, or by malicious people to potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21842/

--

[SA21813] Debian update for ethereal

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-08

Debian has issued an update for ethereal. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21813/

--

[SA21934] Ubuntu update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information, Privilege escalation, DoS
Released:    2006-09-15

Ubuntu has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose potentially sensitive information, cause a DoS (Denial of
Service), and gain escalated privileges, and by malicious users and
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21934/

--

[SA21926] Slackware update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-15

Slackware has issued an update for bind. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/21926/

--

[SA21921] Gentoo update for ffmpeg

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-14

Gentoo has issued an update for ffmpeg. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21921/

--

[SA21912] Gentoo update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-15

Gentoo has issued an update for bind. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21912/

--

[SA21905] Debian update for isakmpd

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-14

Debian has issued an update for isakmpd. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21905/

--

[SA21880] Red Hat update for ncompress

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-13

Red Hat has issued an update for ncompress. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21880/

--

[SA21879] Ubuntu update for mailman

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing, DoS
Released:    2006-09-13

Ubuntu has issued an update for mailman. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and phishing attacks, and cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/21879/

--

[SA21872] iodine Unspecified Security Problems

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-09-14

Some potential security problems with unknown impacts have been
reported in iodine.

Full Advisory:
http://secunia.com/advisories/21872/

--

[SA21869] Gentoo update for adplug

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-13

Gentoo has issued an update for adplug. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise applications using
the library.

Full Advisory:
http://secunia.com/advisories/21869/

--

[SA21847] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information, Privilege escalation
Released:    2006-09-11

SUSE has issued an update for multiple packages. These fix some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges or by malicious
people to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/21847/

--

[SA21838] rPath update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-11

rPath has issued an update for bind. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21838/

--

[SA21835] OpenBSD update for BIND

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-11

OpenBSD has issued an update for BIND. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/21835/

--

[SA21832] SUSE update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-11

SUSE has issued an update for ImageMagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21832/

--

[SA21828] Debian update for bind9

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-11

Debian has issued an update for bind9. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21828/

--

[SA21818] Mandriva update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-11

Mandriva has issued an update for bind. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21818/

--

[SA21816] Ubuntu update for bind9

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-08

Ubuntu has issued an update for bind9. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/21816/

--

[SA21942] Red Hat update for gnutls

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-15

Red Hat has issued an update for gnutls. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory:
http://secunia.com/advisories/21942/

--

[SA21937] GnuTLS RSA Signature Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-15

A vulnerability has been reported in GnuTLS, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21937/

--

[SA21927] Slackware update for openssl

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-15

Slackware has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21927/

--

[SA21900] Red Hat update for XFree86

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation
Released:    2006-09-13

Red Hat has issued an update for XFree86. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21900/

--

[SA21873] Debian update for openssl096

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-12

Debian has issued an update for openssl096. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21873/

--

[SA21852] Debian update for openssl

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-11

Debian has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21852/

--

[SA21848] SUSE update for apache2

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-11

SUSE has issued an update for apache2.
This fixes a vulnerability, which can be exploited by malicious people
to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21848/

--

[SA21837] rPath update for mailman

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing
Released:    2006-09-11

rPath has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting and phishing attacks.

Full Advisory:
http://secunia.com/advisories/21837/

--

[SA21823] Gentoo update for openssl

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-08

Gentoo has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21823/

--

[SA21820] Linux Kernel ULE Packet Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-09-11

Ang Way Chuang has reported a vulnerability in Linux Kernel, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21820/

--

[SA21812] OpenBSD update for OpenSSL

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-11

OpenBSD has issued an update for OpenSSL. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/21812/

--

[SA21924] Mandriva update for xorg-x11

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-15

Mandriva has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/21924/

--

[SA21908] Gentoo update for libXfont

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-14

Gentoo has issued an update for libXfont. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/21908/

--

[SA21904] rPath update for xorg-x11

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-13

rPath has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21904/

--

[SA21894] Ubuntu updates for libxfont / xorg

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-13

Ubuntu has issued updates for libxfont / xorg. These fix some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21894/

--

[SA21890] XFree86 CID Encoded Fonts Integer Overflows

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-13

Some vulnerabilities have been reported in XFree86, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21890/

--

[SA21889] Red Hat update for xorg-x11

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-13

Red Hat has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/21889/

--

[SA21871] AlphaMail Password Disclosure Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-09-13

A security issue has been reported in AlphaMail, which can be exploited by malicious, local users to disclose certain sensitive information.

Full Advisory:
http://secunia.com/advisories/21871/

--

[SA21864] X11 libXfont CID Encoded Fonts Integer Overflows

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-13

Some vulnerabilities have been reported in libXfont, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21864/

--

[SA21856] Unixware libX11 Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-11

RISE Security has reported a vulnerability in libX11 included in Unixware, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21856/

--

[SA21845] X11 "_XKB_CHARSET" Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-11

RISE Security has reported a vulnerability in libX11, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21845/

--

[SA21815] Sun Solaris libX11 Buffer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-08

A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21815/

--

[SA21919] Gentoo update for xine-lib

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-09-14

Gentoo has issued an update for xine-lib.
This fixes a weakness, which can be exploited by malicious people to crash certain applications on a user's system.

Full Advisory:
http://secunia.com/advisories/21919/

--

[SA21928] HP-UX X.25 Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-09-15

A vulnerability has been reported in HP-UX, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21928/

--

[SA21909] HP-UX ARPA Transport Software Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-09-14

A vulnerability has been reported in HP-UX, which potentially can be exploited by a malicious, local user to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21909/

--

[SA21867] Roxio Toast Titanium Insecure Temporary File Creation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-09-14

Netragard has reported a vulnerability in Roxio Toast Titanium, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/21867/

Other:

--

[SA21876] NetPerformer Products Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-09-14

Arif Jatmoko has reported two vulnerabilities in various NetPerformer products, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21876/

--

[SA21836] Avaya Products XFree86 Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-12

Avaya has acknowledged a vulnerability in XFree86 included in various Avaya products, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21836/

--

[SA21896] Cisco IOS VTP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, DoS, System access
Released:    2006-09-14

FX has reported some vulnerabilities in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable network device.

Full Advisory:
http://secunia.com/advisories/21896/

--

[SA21930] Ingate Firewall and SIParator OpenSSL Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-15

Ingate has acknowledged a vulnerability in their Ingate Firewall and SIParator products, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21930/

--

[SA21870] Avaya Products OpenSSL Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-12

Avaya has acknowledged a vulnerability in OpenSSL included in various Avaya products, which potentially can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21870/

--

[SA21902] Cisco CatOS VTP Configuration Revision Handling Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      Manipulation of data, DoS
Released:    2006-09-14

FX has reported a vulnerability in Cisco CatOS, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21902/

--

[SA21898] Avaya PDS HP-UX LP Subsystem Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-09-13

Avaya has acknowledged a vulnerability in Avaya Predictive Dialing System (PDS), which potentially can be exploited by malicious users to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/21898/

--

[SA21925] Sun StorEdge 6130 Array Denial of Service Security Issue

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2006-09-15

A security issue has been reported in Sun StorEdge 6130 Array, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21925/

Cross Platform:

--

[SA21948] Dokeos "extAuthSource['newUser']" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-15

James Bercegay has reported a vulnerability in Dokeos, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21948/

--

[SA21943] Mambo Serverstat Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-15

xoron has discovered a vulnerability in the Serverstat component for Mambo, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21943/

--

[SA21940] Mozilla SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS, System access
Released:    2006-09-15

Some vulnerabilities have been reported in Mozilla SeaMonkey, which can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21940/

--

[SA21939] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-09-15

Some vulnerabilities have been reported in Mozilla Thunderbird, which can be exploited by malicious people to conduct man-in-the-middle attacks, bypass certain security restrictions, and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/21939/

--

[SA21933] TeamCal "tc_config[app_root]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-15

PSYCH@ has reported a vulnerability in TeamCal Pro, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21933/

--

[SA21931] Claroline "extAuthSource['newUser']" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-15

James Bercegay has reported a vulnerability in Claroline, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21931/

--

[SA21914] Downstat "art" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-14

sZ has discovered some vulnerabilities in Downstat, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21914/

--

[SA21906] Mozilla Firefox Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS, System access
Released:    2006-09-15

Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct man-in-the-middle, spoofing, and cross-site scripting attacks, and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21906/

--

[SA21897] phpunity.postcard "gallery_path" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-14

Rivertam has discovered a vulnerability in phpunity.postcard, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21897/

--

[SA21892] Quicksilver Forums "set[include_path]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-14

mdx has reported a vulnerability in Quicksilver Forums, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21892/

--

[SA21891] p4CMS "abs_pfad" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-13

SHiKaA has reported a vulnerability in p4CMS, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21891/

--

[SA21887] Magic News Pro "script_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-14

A vulnerability has been reported in Magic News Pro, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21887/

--

[SA21886] SQL-Ledger "terminal" Parameter Perl Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-12

A vulnerability has been reported in SQL-Ledger, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21886/

--

[SA21882] Vitrax Premodded "phpbb_root_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-13

CeNGiZ-HaN has reported a vulnerability in Vitrax Premodded, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21882/

--

[SA21878] signkorn Guestbook "dir_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-13

SHiKaA has reported a vulnerability in signkorn Guestbook, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21878/

--

[SA21874] OPENi-CMS "config[openi_dir]" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-12

basher13 has discovered a vulnerability in OPENi-CMS, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21874/

--

[SA21868] PayProCart Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-12

Eddy_BAck0o has reported some vulnerabilities in PayProCart, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21868/

--

[SA21865] Adobe Flash Player Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-09-12

Multiple vulnerabilities have been reported in Adobe Flash Player, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/21865/

--

[SA21857] Socketwiz Bookmarks "root_dir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-11

Kacper has reported a vulnerability in Socketwiz Bookmarks, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21857/

--

[SA21855] Vivvo Article Management CMS SQL Injection and File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2006-09-11

MercilessTurk has reported some vulnerabilities in Vivvo Article Management CMS, which can be exploited by malicious people to conduct SQL injection attacks and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21855/

--

[SA21850] mcGalleryPRO "path_to_folder" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-11

Solpot has reported a vulnerability in mcGalleryPRO, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21850/

--

[SA21841] phpBB XS "phpbb_root_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-12

AzzCoder has discovered a vulnerability in phpBB XS, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21841/

--

[SA21826] Stefan E. Newsscript Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information, Exposure of sensitive information, System access
Released:    2006-09-12

Some vulnerabilities have been reported in Stefan E. Newsscript, which can be exploited by malicious people to disclose potentially sensitive information or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21826/

--

[SA21825] Somery "skindir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-08

basher13 has reported a vulnerability in Somery, which can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/21825/

--

[SA21824] LedgerSMB "terminal" Parameter Perl Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-12

A vulnerability has been reported in LedgerSMB, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21824/

--

[SA21819] DokuWiki "TARGET_FN" Directory Traversal Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-08

rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21819/

--

[SA21817] MyABraCaDaWeb "base" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-11

ERNE has reported some vulnerabilities in MyABraCaDaWeb, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21817/

--

[SA21922] NX5Linx Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing, Manipulation of data, Exposure of system information, Exposure of sensitive information
Released:    2006-09-15

Aliaksandr Hartsuyeu has reported some vulnerabilities within NX5Linx, which can be exploited by malicious people to disclose potentially sensitive information or conduct SQL injection and HTTP response-splitting attacks.

Full Advisory:
http://secunia.com/advisories/21922/

--

[SA21899] Moodle Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of sensitive information
Released:    2006-09-13

Some vulnerabilities have been reported in Moodle, which can be exploited by malicious people to disclose potentially sensitive information, and conduct cross-site scripting and SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21899/

--

[SA21881] webSPELL Authentication Bypass and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of sensitive information
Released:    2006-09-13

Some vulnerabilities have been discovered in webSPELL, which can be exploited by malicious people to disclose certain sensitive information and conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21881/

--

[SA21875] phpMyDirectory "letter" Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-09-12

eric basher has reported some vulnerabilities in phpMyDirectory, which can be exploited by malicious people to conduct SQL injection or cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21875/

--

[SA21866] ColdFusion Denial of Service and Sandbox Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-09-13

Two vulnerabilities have been reported in ColdFusion, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/21866/

--

[SA21860] CMS.R Login SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-09-12

HACKERS PAL has discovered two vulnerabilities in CMS.R, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21860/

--

[SA21853] KorviBlog "livre_or.php" Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-11

cdg393 has discovered some vulnerabilities in KorviBlog, which can be exploited by malicious people to conduct script insertion attacks.
Full Advisory:
http://secunia.com/advisories/21853/

--

[SA21849] PHProg Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2006-09-11

cdg393 has discovered some vulnerabilities in PHProg, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose potentially sensitive information, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21849/

--

[SA21843] CCleague Pro "language" Parameter Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2006-09-11

Kacper has discovered a vulnerability in CCleague Pro, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21843/

--

[SA21840] XSP Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2006-09-11

A vulnerability has been reported in XSP, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21840/

--

[SA21831] Timesheet PHP "username" Parameter SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-09-11

Secaware Research has discovered a vulnerability in Timesheet PHP, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21831/

--

[SA21830] PHP-Fusion "maincore.php" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-09-08

A vulnerability has been reported in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21830/

--

[SA21829] TWiki "filename" Parameter Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-09-08

A vulnerability has been reported in TWiki, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/21829/

--

[SA21822] ccHost File ID SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-09-12

A vulnerability has been reported in ccHost, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21822/

--

[SA21814] Runcms SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-09-08

Omid has reported some vulnerabilities in Runcms, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/21814/

--

[SA21811] Drupal Pubcookie Module Login Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-08

A vulnerability has been reported in the Pubcookie module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21811/

--

[SA21808] BLOG:CMS SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-09-08

Omid has discovered some vulnerabilities in BLOG:CMS, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/21808/

--

[SA21917] HP OpenView Operations Apache Chunked Encoding Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-09-14

HP has acknowledged a vulnerability in HP OpenView Operations and HP OpenView Operations for Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21917/

--

[SA21935] Blojsom Multiple Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-15

Avinash Shenoi has discovered some vulnerabilities in Blojsom, which can be exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21935/

--

[SA21913] Nuked-Klan Cross-Site Scripting and Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-09-15

Blwood has discovered two vulnerabilities in Nuked-Klan, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/21913/

--

[SA21907] Drupal Userreview Module Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-14

A vulnerability has been reported in the Userreview module for Drupal, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21907/

--

[SA21903] Network Security Services (NSS) Signature Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-09-15

A vulnerability has been reported in Network Security Services (NSS), which potentially can be exploited by malicious people to bypass certain security restrictions.
Full Advisory:
http://secunia.com/advisories/21903/

--

[SA21895] PHP Event Calendar Add Event Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-13

NR Nandini has reported some vulnerabilities in PHP Event Calendar, which can be exploited by certain malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/21895/

--

[SA21883] emuCMS "query" and "page" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-14

Ivan Markovic has discovered some vulnerabilities in emuCMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21883/

--

[SA21877] XHP CMS "errcode" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-12

HACKERS PAL has discovered a vulnerability in XHP CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21877/

--

[SA21858] ColdFusion Error Page Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-13

A vulnerability has been reported in ColdFusion, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21858/

--

[SA21839] Firefox Sage Extension RSS Feed Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-11

pdp has discovered a vulnerability in the Sage extension for Firefox, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/21839/

--

[SA21821] MKPortal "index.php" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-08

Crack_man has discovered a vulnerability in MKPortal, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21821/

--

[SA21810] ackerTodo "task_id" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-09-08

viz.security has reported a vulnerability in ackerTodo, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/21810/

--

[SA21888] Novell Identity Manager Shell Scripts Command Injection

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2006-09-14

A vulnerability has been reported in Novell Identity Manager, which can be exploited by certain malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/21888/

--

[SA21827] IBM Director OpenSSL Potential SSL 2.0 Rollback Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      Security Bypass
Released:    2006-09-08

IBM has acknowledged a vulnerability in IBM Director, which potentially can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/21827/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

_________________________________
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/
This archive was generated by hypermail 2.1.3 : Sun Sep 17 2006 - 22:42:22 PDT