[ISN] Secunia Weekly Summary - Issue: 2006-45

From: InfoSec News (alerts@private)
Date: Thu Nov 09 2006 - 23:05:14 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-11-02 - 2006-11-09                        

                       This week: 71 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

We are proud to announce the availability of the Secunia "Security
Watchdog" Blog.

The Secunia "Security Watchdog" Blog is used to communicate our
opinions about vulnerabilities, security, ethics, and our responses to
articles, research papers, and other blog entries regarding Secunia
and vulnerabilities.

To get the facts about vulnerabilities read our Secunia advisories. To
get our opinions read the Secunia "Security Watchdog" Blog.

The Blog:
http://secunia.com/blog/

Subscribe to the RSS Feed:
http://secunia.com/blog_rss/o.rss

========================================================================
2) This Week in Brief:

Another "Zero-day" vulnerability, this time affecting Microsoft XML
Core Services has been reported.

The vulnerability can be exploited by malicious people to compromise a
users system.

Secunia has issue a "Extremely Critical" advisory regarding this
vulnerability as it is already being actively exploited.

Reference:
http://secunia.com/SA22687

 --
 
Some vulnerabilities have been reported in Mozilla Firefox and Mozilla
SeaMonkey, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Reference:
http://secunia.com/SA22722

 --
 
A vulnerability has been reported in America Online ICQ, which can be
exploited by malicious people to compromise a user's system.

The vendor has issued a fix, which is applied automatically once
connected to the ICQ service.

Reference:
http://secunia.com/SA22670

 --

VIRUS ALERTS:

During the past week Secunia collected 166 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA22687] Microsoft XMLHTTP ActiveX Control Code Execution
              Vulnerability
2.  [SA22477] Internet Explorer 7 "mhtml:" Redirection Information
              Disclosure
3.  [SA22653] PHP "htmlentities()" and "htmlspecialchars()" Buffer
              Overflows
4.  [SA22628] Internet Explorer 7 Window Injection Vulnerability
5.  [SA22603] Microsoft Visual Studio WMI Object Broker ActiveX Control
              Code Execution
6.  [SA21910] Internet Explorer daxctle.ocx "KeyFrame()" Method
              Vulnerability
7.  [SA22542] Internet Explorer 7 Popup Address Bar Spoofing Weakness
8.  [SA22722] Mozilla Firefox and SeaMonkey Multiple Vulnerabilities
9.  [SA13129] Mozilla / Mozilla Firefox Window Injection Vulnerability
10. [SA19738] Internet Explorer "mhtml:" Redirection Disclosure of
              Sensitive Information

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA22687] Microsoft XMLHTTP ActiveX Control Code Execution
Vulnerability
[SA22718] Essentia Web Server GET/HEAD Buffer Overflow
[SA22751] Omni-NFS NFS Server Buffer Overflow
[SA22755] War FTP Daemon CWD Denial Of Service
[SA22739] Easy Chat Server Information Disclosure Security Issue
[SA22717] XM Easy Personal FTP Server NLST Denial Of Service

UNIX/Linux:
[SA22769] GreenBeast CMS File Upload And Logon Bypass
[SA22764] Gentoo update for nvidia-drivers
[SA22763] Red Hat update for seamonkey
[SA22756] Advanced Guestbook "include_path" Parameter File Inclusion
[SA22753] Red Hat update for PHP
[SA22752] Mandriva update for imlib2
[SA22744] Ubuntu update for imlib2
[SA22737] Red Hat update for firefox
[SA22732] imlib2 Multiple Image File Processing Vulnerabilities
[SA22730] Ubuntu update for nvidia-glx
[SA22713] Debian update for php4
[SA22693] Mandriva update for php
[SA22688] Ubuntu update for PHP
[SA22762] Mandriva update for kernel
[SA22750] OpenLDAP BIND Denial of Service Vulnerability
[SA22738] Gentoo update for qt
[SA22731] Linux Kernel Fragmented IPv6 Packet Filtering Bypass
[SA22727] Red Hat update for thunderbird
[SA22709] OpenWBEM Unspecified Privilege Escalation Vulnerability
[SA22703] Quick.Cms.Lite "sLanguage" Cookie Local File Inclusion
[SA22692] Mandriva update for wireshark
[SA22768] Mandriva update for librpm4
[SA22761] Red Hat update for ruby
[SA22745] Ubuntu update for librpm4
[SA22740] RPM Buffer Overflow Vulnerability
[SA22726] Slackware update for screen
[SA22715] If-CMS "rns" Cross-Site Scripting Vulnerability
[SA22707] Gentoo update for screen
[SA22697] Hyper NIKKI System Cross-Site Scripting Vulnerability
[SA22696] Mandriva update for pam_ldap
[SA22694] Debian update for pam_ldap
[SA22700] OWFS owserver Path Type Denial Of Service
[SA22749] Mandriva update for libx11
[SA22742] OpenBase SQL "openexec" Privilege Escalation Vulnerability
[SA22736] FreeBSD "ffs_mountfs()" Integer Overflow Vulnerability
[SA22712] Debian update for thttpd
[SA22767] Fedora Core "zlib_inflate()" Denial of Service Vulnerability
[SA22746] Fedora Core ISO9660 Local Denial of Service
[SA22714] Sun Solaris UFS File System Denial Of Service
[SA22702] Linux Kernel ISO9660 Local Denial of Service

Other:


Cross Platform:
[SA22772] cwRsync OpenSSL Vulnerabilities and OpenSSH Weakness
[SA22757] iPrimal Forums Multiple Vulnerabilities
[SA22748] iWare Professional SimpleChat "msg" PHP Code Execution
[SA22735] Soholaunch Pro "_SESSION[docroot_path]" File Inclusion
[SA22722] Mozilla Firefox and SeaMonkey Multiple Vulnerabilities
[SA22721] Cyberfolio "av" File Inclusion Vulnerabilities
[SA22710] phpDynaSite "racine" File Inclusion Vulnerabilities
[SA22708] SazCart "cart.php" File Inclusion Vulnerability
[SA22695] OpenEMR "srcdir" Parameter File Inclusion Vulnerabilities
[SA22770] Mozilla Thunderbird Multiple Vulnerabilities
[SA22729] Creasito "finame" Parameter Authentication Bypass
[SA22720] FunkBoard "name" Script Insertion Vulnerability
[SA22719] All In One Control Panel (AIOCP) Multiple Vulnerabilities
[SA22706] Webdrivers Simple Forum "id" SQL Injection Vulnerability
[SA22704] PHP Classifieds "user_id" SQL Injection Vulnerability
[SA22698] Article Script "category" SQL Injection Vulnerability
[SA22691] HP System Management Homepage PHP Multiple Vulnerabilities
[SA22689] Slackware update for bind
[SA22760] phpComasy "username" and "password" Cross-Site Scripting
[SA22733] Sun Java System Multiple Products RSA Signature Forgery
[SA22701] iG Shop "id" and URL Cross-Site Scripting Vulnerabilities
[SA22690] Yazd Discussion Forum Two Security Bypass Issues
[SA22773] copssh Privilege Separation Monitor Weakness
[SA22771] OpenSSH Privilege Separation Monitor Weakness

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA22687] Microsoft XMLHTTP ActiveX Control Code Execution
Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2006-11-04

A vulnerability has been discovered in Microsoft XML Core Services,
which can be exploited by malicious people to compromise a users
system.

Full Advisory:
http://secunia.com/advisories/22687/

 --

[SA22718] Essentia Web Server GET/HEAD Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-07

CorryL has discovered a vulnerability in Essentia Web Server, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22718/

 --

[SA22751] Omni-NFS NFS Server Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-11-07

Evgeny Legerov has discovered a vulnerability in Omni-NFS Server, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22751/

 --

[SA22755] War FTP Daemon CWD Denial Of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-08

Joxean Koret has discovered a vulnerability in War FTP Daemon, which
can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22755/

 --

[SA22739] Easy Chat Server Information Disclosure Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-07

Greg Linares has discovered a security issue in Easy Chat Server, which
can be exploited by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/22739/

 --

[SA22717] XM Easy Personal FTP Server NLST Denial Of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-06

boecke has discovered a vulnerability in XM Easy Personal FTP Server,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22717/


UNIX/Linux:--

[SA22769] GreenBeast CMS File Upload And Logon Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-11-09

skulmatic has reported two vulnerabilities in GreenBeast CMS, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22769/

 --

[SA22764] Gentoo update for nvidia-drivers

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2006-11-08

Gentoo has issued an update for nvidia-drivers. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges and potentially by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/22764/

 --

[SA22763] Red Hat update for seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-09

Red Hat has issued an update for seamonkey. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22763/

 --

[SA22756] Advanced Guestbook "include_path" Parameter File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-07

BrokeN-ProXy has discovered a vulnerability in Advanced Guestbook,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22756/

 --

[SA22753] Red Hat update for PHP

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-07

Red Hat has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22753/

 --

[SA22752] Mandriva update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-08

Mandriva has issued an update for imlib2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/22752/

 --

[SA22744] Ubuntu update for imlib2

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-06

Ubuntu has issued an update for imlib2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/22744/

 --

[SA22737] Red Hat update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-09

Red Hat has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22737/

 --

[SA22732] imlib2 Multiple Image File Processing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-06

Some vulnerabilities have been reported in imlib2, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/22732/

 --

[SA22730] Ubuntu update for nvidia-glx

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2006-11-06

Ubuntu has issued an updated for nvidia-glx. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges and potentially by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/22730/

 --

[SA22713] Debian update for php4

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-11-08

Debian has issued an update for php4. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22713/

 --

[SA22693] Mandriva update for php

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-03

Mandriva has issued an update for php. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22693/

 --

[SA22688] Ubuntu update for PHP

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-03

Ubuntu has issued an update for PHP. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22688/

 --

[SA22762] Mandriva update for kernel

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-11-07

Mandriva has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22762/

 --

[SA22750] OpenLDAP BIND Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-07

Evgeny Legerov has reported a vulnerability in OpenLDAP, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22750/

 --

[SA22738] Gentoo update for qt

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-06

Gentoo has issued an update for qt. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
and potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/22738/

 --

[SA22731] Linux Kernel Fragmented IPv6 Packet Filtering Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-07

Some vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22731/

 --

[SA22727] Red Hat update for thunderbird

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-09

Red Hat has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22727/

 --

[SA22709] OpenWBEM Unspecified Privilege Escalation Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation
Released:    2006-11-06

A vulnerability has been reported in OpenWBEM, which can be exploited
by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22709/

 --

[SA22703] Quick.Cms.Lite "sLanguage" Cookie Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-08

Kacper has discovered a vulnerability in Quick.Cms.Lite, which can be
exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/22703/

 --

[SA22692] Mandriva update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-03

Mandriva has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22692/

 --

[SA22768] Mandriva update for librpm4

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-08

Mandriva has issued an update for librpm4. This fixes a vulnerability
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22768/

 --

[SA22761] Red Hat update for ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-09

Red Hat has issued an update for ruby. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22761/

 --

[SA22745] Ubuntu update for librpm4

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-06

Ubuntu has issued an update for librpm4. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22745/

 --

[SA22740] RPM Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-06

A vulnerability has been reported in RPM, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22740/

 --

[SA22726] Slackware update for screen

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-06

Slackware has issued an update for screen. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22726/

 --

[SA22715] If-CMS "rns" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-06

Benjamin Mossé and Laurent Gaffié have discovered a vulnerability in
If-CMS, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22715/

 --

[SA22707] Gentoo update for screen

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-06

Gentoo has issued an update for screen. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22707/

 --

[SA22697] Hyper NIKKI System Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-06

A vulnerability has been reported in Hyper NIKKI System, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22697/

 --

[SA22696] Mandriva update for pam_ldap

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-08

Mandriva has issued an update for pam_ldap. This fixes a security
issue, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/22696/

 --

[SA22694] Debian update for pam_ldap

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-03

Debian has issued an update for pam_ldap. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22694/

 --

[SA22700] OWFS owserver Path Type Denial Of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-11-07

A vulnerability has been reported in OWFS's owserver module, which can
be exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22700/

 --

[SA22749] Mandriva update for libx11

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-11-08

Mandriva has issued an update for libx11. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose
potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/22749/

 --

[SA22742] OpenBase SQL "openexec" Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-08

Kevin Finisterre has reported two vulnerabilities in OpenBase SQL,
which can be exploited by malicious, local users to perform actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22742/

 --

[SA22736] FreeBSD "ffs_mountfs()" Integer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2006-11-06

LMH has reported a vulnerability in FreeBSD, which can be exploited by
malicious, local users to cause a DoS (Denial of Service) or gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/22736/

 --

[SA22712] Debian update for thttpd

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-06

Debian has issued an update for thttpd. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22712/

 --

[SA22767] Fedora Core "zlib_inflate()" Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-08

LMH has reported a vulnerability in Fedora Core, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22767/

 --

[SA22746] Fedora Core ISO9660 Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-06

A vulnerability has been reported in Fedora Core, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22746/

 --

[SA22714] Sun Solaris UFS File System Denial Of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-06

LMH has reported a vulnerability in Solaris, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22714/

 --

[SA22702] Linux Kernel ISO9660 Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-06

LMH has reported a vulnerability in the Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22702/


Other:


Cross Platform:--

[SA22772] cwRsync OpenSSL Vulnerabilities and OpenSSH Weakness

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-08

Some vulnerabilities and a weakness have been reported in cwRsync,
which can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22772/

 --

[SA22757] iPrimal Forums Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-11-07

Some vulnerabilities have been discovered in iPrimal Forums, which can
be exploited by malicious people to bypass certain security
restrictions or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22757/

 --

[SA22748] iWare Professional SimpleChat "msg" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-07

nuffsaid has discovered a vulnerability in iWare Professional, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22748/

 --

[SA22735] Soholaunch Pro "_SESSION[docroot_path]" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-08

Dedi Dwianto has reported a vulnerability in Soholaunch Pro, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22735/

 --

[SA22722] Mozilla Firefox and SeaMonkey Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-08

Some vulnerabilities have been reported in Mozilla Firefox and Mozilla
SeaMonkey, which can be exploited by malicious people to bypass certain
security restrictions, conduct cross-site scripting attacks, and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22722/

 --

[SA22721] Cyberfolio "av" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-06

Dedi Dwianto has reported some vulnerabilities in Cyberfolio, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22721/

 --

[SA22710] phpDynaSite "racine" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-06

Dr.Pantagon has reported some vulnerabilities in phpDynaSite, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22710/

 --

[SA22708] SazCart "cart.php" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-06

IbnuSina has reported a vulnerability in SazCart, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22708/

 --

[SA22695] OpenEMR "srcdir" Parameter File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-07

Dedi Dwianto has discovered several vulnerabilities in OpenEMR, which
can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22695/

 --

[SA22770] Mozilla Thunderbird Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-08

Some vulnerabilities have been reported in Mozilla Thunderbird, which
can be exploited by malicious people to bypass certain security
restrictions, conduct cross-site scripting attacks, and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22770/

 --

[SA22729] Creasito "finame" Parameter Authentication Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-06

SlimTim10 has reported some vulnerabilities in Creasito E-Commerce
Content Manager, which can be exploited by malicious people to bypass
certain security restriction.

Full Advisory:
http://secunia.com/advisories/22729/

 --

[SA22720] FunkBoard "name" Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-06

A vulnerability has been reported in FunkBoard, which can be exploited
by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/22720/

 --

[SA22719] All In One Control Panel (AIOCP) Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-07

Laurent Gaffié and Benjamin Mossé have discovered several
vulnerabilities in All In One Control Panel (AIOCP), which can be
exploited by malicious people to conduct SQL injection attacks or
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22719/

 --

[SA22706] Webdrivers Simple Forum "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-06

Bl0od3r has discovered a vulnerability in Webdrivers Simple Forum,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/22706/

 --

[SA22704] PHP Classifieds "user_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-08

ajann has discovered a vulnerability in PHP Classifieds, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22704/

 --

[SA22698] Article Script "category" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-06

Liz0ziM has reported a vulnerability in Article Script, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22698/

 --

[SA22691] HP System Management Homepage PHP Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-03

HP has acknowledged some vulnerabilities in HP System Management
Homepage, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass certain security restrictions, and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22691/

 --

[SA22689] Slackware update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-11-07

Slackware has issued an update for bind. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22689/

 --

[SA22760] phpComasy "username" and "password" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-08

David Vieira-Kurz has discovered two vulnerabilities in phpComasy,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/22760/

 --

[SA22733] Sun Java System Multiple Products RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-06

Sun has acknowledged a vulnerability in various Sun Java System
products, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/22733/

 --

[SA22701] iG Shop "id" and URL Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-06

SnipEr.X has reported some vulnerabilities in iG Shop, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22701/

 --

[SA22690] Yazd Discussion Forum Two Security Bypass Issues

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-11-03

Two security issues have been reported in Yazd Discussion Forum
Software, which potentially can be exploited by malicious users to gain
sensitive information and bypass security functionality.

Full Advisory:
http://secunia.com/advisories/22690/

 --

[SA22773] copssh Privilege Separation Monitor Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-08

A weakness has been reported in copssh, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22773/

 --

[SA22771] OpenSSH Privilege Separation Monitor Weakness

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-08

A weakness has been reported in OpenSSH, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22771/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45



_________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Thu Nov 09 2006 - 23:14:48 PST