======================================================================== The Secunia Weekly Advisory Summary 2006-11-09 - 2006-11-16 This week: 123 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: We are proud to announce the availability of the Secunia "Security Watchdog" Blog. The Secunia "Security Watchdog" Blog is used to communicate our opinions about vulnerabilities, security, ethics, and our responses to articles, research papers, and other blog entries regarding Secunia and vulnerabilities. To get the facts about vulnerabilities read our Secunia advisories. To get our opinions read the Secunia "Security Watchdog" Blog. The Blog: http://secunia.com/blog/ Subscribe to the RSS Feed: http://secunia.com/blog_rss/o.rss ======================================================================== 2) This Week in Brief: Microsoft has released their monthly security bulletins for November, which fixes several vulnerabilities in various Microsoft products. One of the vulnerabilities is currently being exploited in the wild, all users are advised to visit windows update and download the available security updates. Additional details can be found in the referenced Secunia advisories listed below. References: http://secunia.com/SA22878 http://secunia.com/SA22882 http://secunia.com/SA22883 http://secunia.com/SA22687 http://secunia.com/SA21910 http://secunia.com/SA22866 -- Secunia Research has discovered two vulnerabilities and a weakness in Panda ActiveScan, which can be exploited by malicious people to disclose system information, cause a DoS (Denial of Service), and compromise a user's system. Please see the referenced Secunia advisory for more information. Reference: http://secunia.com/SA21763 -- Some vulnerabilities have been reported in WinZip, which can be exploited by malicious people to compromise a user's system. The vendor has released an updated version, please see the referenced advisory for details. Reference: http://secunia.com/SA22891 -- Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Please see the referenced Secunia advisory for more information. Reference: http://secunia.com/SA22811 -- VIRUS ALERTS: During the past week Secunia collected 156 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA22687] Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability 2. [SA21910] Internet Explorer Multiple Vulnerabilities 3. [SA22722] Mozilla Firefox and SeaMonkey Multiple Vulnerabilities 4. [SA22477] Internet Explorer 7 "mhtml:" Redirection Information Disclosure 5. [SA22803] ProFTPD Unspecified Vulnerability 6. [SA22808] Mac OS X "fpathconf()" Denial of Service 7. [SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities 8. [SA22542] Internet Explorer 7 Popup Address Bar Spoofing Weakness 9. [SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities 10. [SA22628] Internet Explorer 7 Window Injection Vulnerability ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities [SA22882] Microsoft Windows Flash Player Multiple Vulnerabilities [SA22878] Microsoft Windows Agent ActiveX Control Buffer Overflow [SA22806] Marshal MailMarshal ARJ Archive Directory Traversal [SA22930] Dragon Internet Events Listing Multiple SQL Injection [SA22918] A+ Store E-Commerce SQL Injection and Cross-Site Scripting [SA22915] Inventory Manager Cross-Site Scripting and SQL Injection [SA22914] Car Site Manager SQL Injection And Cross-Site Scripting [SA22912] Evolve Shopping Cart "zoneid" SQL Injection [SA22911] FunkyASP Glossary "alpha" SQL Injection Vulnerability [SA22909] Citrix Advanced Access Control Two Vulnerabilities [SA22908] Citrix Access Gateway Appliance Information Disclosure [SA22904] Hpecs Shopping Cart Multiple SQL Injection Vulnerabilities [SA22902] BlogMe Script Insertion and SQL Injection [SA22901] NetVIOS "NewsID" SQL Injection Vulnerability [SA22899] SiteXpress E-Commerce System "id" SQL Injection Vulnerability [SA22897] E-Calendar Pro Multiple SQL Injection Vulnerabilities [SA22895] WWWeb Concepts CactuShop Two SQL Injection Vulnerabilities [SA22894] 20/20 Data Shed "itemID" SQL Injection Vulnerability [SA22888] BPG Easy Publisher / Smart Publisher "vjob" SQL Injection [SA22884] ASP Smiley "Username" SQL Injection Vulnerability [SA22879] F-PROT Antivirus Unspecified Buffer Overflow [SA22865] INFINICART Cross-Site Scripting and SQL Injection [SA22860] D-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow [SA22859] NetJetServer Two Vulnerabilities [SA22857] Mercury Mail Transport System Unspecified Buffer Overflow [SA22856] ASP Scripter Easy Portal and Live Support SQL Injection [SA22848] Pragma FortressSSH Unspecified Buffer Overflow [SA22845] ASPPortal "Poll_ID" SQL Injection Vulnerability [SA22844] Munch Pro "catid" SQL Injection Vulnerability [SA22840] UPublisher "ID" SQL Injection Vulnerability [SA22839] USupport "id" SQL Injection Vulnerability [SA22838] UStore "ID" SQL Injection Vulnerability [SA22835] Estate Agent Manager "Username" SQL Injection Vulnerability [SA22832] Eudora WorldMail Unspecified Buffer Overflow Vulnerability [SA22830] NuSchool "NewsID" SQL Injection Vulnerability [SA22829] NuStore "SubCatagoryID" SQL Injection Vulnerability [SA22828] NuRealestate "PropID" SQL Injection Vulnerability [SA22827] NuCommunity "cl_cat_ID" SQL Injection Vulnerability [SA22883] Microsoft Windows Workstation Service Buffer Overflow Vulnerability [SA22866] Microsoft Windows Client Service for Netware Vulnerabilities [SA22802] Citrix Presentation Server IMA Service Vulnerabilities [SA22928] Selenium Server FTP Server Two Vulnerabilities [SA22927] Selenium Server Web Server Cross-Site Scripting Vulnerability [SA22916] Helm Web Hosting Control Panel Cross-Site Scripting Vulnerabilities [SA22893] Conxint FTP Server Directory Traversal Vulnerability [SA22874] ALFTP FTP Server Two Vulnerabilities [SA22861] Kerio MailServer Unspecified Denial of Service [SA22836] Eudora WorldMail Unspecified Denial of Service [SA22871] Windows Active Directory Unspecified Denial of Service [SA22863] PHPRunner Information Disclosure Security Issue [SA22913] Outpost Firewall Pro Hooked Functions Denial of Service UNIX/Linux: [SA22929] SGI Advanced Linux Environment Multiple Updates [SA22926] Debian update for openssh [SA22903] Debian update for pdns [SA22890] SGI Advanced Linux Environment Update for kdelibs [SA22881] SUSE update for php4 and php5 [SA22855] phpJobScheduler "installed_config_file" File Inclusion Vulnerabilities [SA22849] Debian update for mozilla-firefox [SA22823] Gentoo update for openssh [SA22820] EncapsCMS "root" File Inclusion Vulnerabilities [SA22817] Mandriva update for mozilla-firefox [SA22907] Sun Solaris libXfont Integer Overflow Vulnerability [SA22898] Trustix Update for Multiple Packages [SA22877] Dotdeb PHP "mail()" Function CRLF Injection [SA22875] VMware ESX Server Multiple Vulnerabilities [SA22867] ShopSystem "sessid" SQL Injection Vulnerability [SA22858] eXtremail Unspecified Buffer Overflow Vulnerability [SA22851] xtacacsd Unspecified Buffer Overflow Vulnerability [SA22842] Ampache Unauthorized Guest Access [SA22841] SUSE update for wireshark [SA22834] SUSE update for ImageMagick [SA22819] Gentoo update for graphicsmagick [SA22815] Mandriva update for mozilla-thunderbird [SA22813] myStats SQL Injection And Cross-Site Scripting Vulnerabilities [SA22803] ProFTPD Unspecified Vulnerability [SA22923] Red Hat update for elinks [SA22905] Links "smb" Protocol File Upload/Download Vulnerability [SA22889] rPath update for libpng [SA22869] Red Hat update for nss_ldap [SA22868] Debian update for trac [SA22854] Gentoo update for librmp4 [SA22826] Debian update for bugzilla [SA22801] FreeBSD update for libarchive [SA22822] SUSE update for kernel [SA22853] Gentoo update for ftpd [SA22852] Ubuntu update for avahi [SA22816] Linux NetKit FTP Server Information Disclosure and Privilege Escalation [SA22807] Avahi "netlink" Message Vulnerability [SA22872] Red Hat update for openssh [SA22814] Mandriva update for openssh [SA22906] Kerio WebSTAR "libucache.dylib" Privilege Escalation [SA22887] Fedora Core SELinux "superblock_doinit()" Denial of Service [SA22886] Fedora Core "init_journal()" Denial of Service [SA22876] VMware ESX Server x87 Register Information Leak [SA22837] Fedora Core Ext2 File System Denial of Service Vulnerability [SA22808] Mac OS X "fpathconf()" Denial of Service Other: [SA22799] Cisco Products OpenSSL Vulnerabilities [SA22833] Arkoon SSL360 Unspecified Cross-Site Scripting Vulnerabilities [SA22818] 3Com SuperStack 3 Switch 4400 Information Disclosure Cross Platform: [SA22873] phpPeanuts "Include" File Inclusion Vulnerability [SA22870] Mambo shambo2 Component File Inclusion Vulnerability [SA22862] Aigaion "DIR" Multiple File Inclusion Vulnerabilities [SA22824] PowerDNS Recursor Two Vulnerabilities [SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities [SA22805] ContentNow Multiple Vulnerabilities [SA22804] LetterIt "lang" File Inclusion Vulnerability [SA22919] Extreme CMS Multiple Vulnerabilities [SA22910] Sun Java JRE Swing Library Applet Security Bypass [SA22885] Etomite SQL Injection And Local File Inclusion Vulnerabilities [SA22847] Rama CMS "lang" File Inclusion Vulnerability [SA22846] PHPWind "AdminUser" SQL Injection Vulnerability [SA22831] Broadcom Wireless Driver Probe Response SSID Buffer Overflow [SA22812] Vallheru mail.php SQL Injection Vulnerabilities [SA22810] BrewBlogger "id" SQL Injection Vulnerability [SA22800] ELOG "global" Logbook Denial of Service [SA22920] ELinks "smb" Protocol File Upload/Download Vulnerability [SA22900] libpng sPLT Chunk Handling Denial of Service [SA22892] Verity Ultraseek Multiple Vulnerabilities [SA22864] Netquery "User-Agent" HTTP Header Script Insertion [SA22843] Nucleus Unspecified Script Insertion [SA22825] CPanel Multiple Vulnerabilities [SA22809] Firefox Sage Extension Feed Script Insertion Vulnerability ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-15 Some vulnerabilities have been reported in WinZip, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/22891/ -- [SA22882] Microsoft Windows Flash Player Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, System access Released: 2006-11-14 Microsoft has acknowledged some vulnerabilities in Windows XP, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system. Full Advisory: http://secunia.com/advisories/22882/ -- [SA22878] Microsoft Windows Agent ActiveX Control Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-14 A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22878/ -- [SA22806] Marshal MailMarshal ARJ Archive Directory Traversal Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-12 A vulnerability has been reported in MailMarshal SMTP and MailMarshal Exchange, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22806/ -- [SA22930] Dragon Internet Events Listing Multiple SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-16 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Dragon Internet Events Listing, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22930/ -- [SA22918] A+ Store E-Commerce SQL Injection and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2006-11-15 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in A+ Store E-Commerce, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22918/ -- [SA22915] Inventory Manager Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Cross Site Scripting Released: 2006-11-15 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Inventory Manager, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/22915/ -- [SA22914] Car Site Manager SQL Injection And Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2006-11-15 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Car Site Manager, which can be exploited by malicious people to conduct SQL injection attacks and cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22914/ -- [SA22912] Evolve Shopping Cart "zoneid" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 Laurent Gaffié and Benjamin Mossé have reported a vulnerability in Evolve Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22912/ -- [SA22911] FunkyASP Glossary "alpha" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 Laurent Gaffié and Benjamin Mossé have reported a vulnerability in FunkyASP Glossary, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22911/ -- [SA22909] Citrix Advanced Access Control Two Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2006-11-15 Two vulnerabilities have been reported in Citrix Advanced Access Control, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22909/ -- [SA22908] Citrix Access Gateway Appliance Information Disclosure Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2006-11-15 A vulnerability has been reported in Citrix Access Gateway appliances, which can be exploited by malicious people to gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/22908/ -- [SA22904] Hpecs Shopping Cart Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-16 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Hpecs Shopping Cart, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22904/ -- [SA22902] BlogMe Script Insertion and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2006-11-15 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in BlogMe, which can be exploited by malicious people to conduct script insertion and SQL injection attacks. Full Advisory: http://secunia.com/advisories/22902/ -- [SA22901] NetVIOS "NewsID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 ajann has reported a vulnerability in NetVIOS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22901/ -- [SA22899] SiteXpress E-Commerce System "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 Aria-Security Team have reported a vulnerability in SiteXpress E-Commerce System, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22899/ -- [SA22897] E-Calendar Pro Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-16 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in E-Calendar Pro, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22897/ -- [SA22895] WWWeb Concepts CactuShop Two SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 Aria-Security Team have reported two vulnerabilities in WWWeb Concepts CactuShop, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22895/ -- [SA22894] 20/20 Data Shed "itemID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 A vulnerability has been reported in 20/20 Data Shed, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22894/ -- [SA22888] BPG Easy Publisher / Smart Publisher "vjob" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 ajann has discovered a vulnerability in BPG Easy Publisher and Smart Publisher, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22888/ -- [SA22884] ASP Smiley "Username" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-15 ajann has reported a vulnerability in ASP Smiley, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22884/ -- [SA22879] F-PROT Antivirus Unspecified Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-15 GLEG has reported a vulnerability in F-PROT Antivirus, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22879/ -- [SA22865] INFINICART Cross-Site Scripting and SQL Injection Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2006-11-14 Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in INFINICART, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/22865/ -- [SA22860] D-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow Critical: Moderately critical Where: From remote Impact: System access Released: 2006-11-14 H D Moore has reported a vulnerability in D-Link DWL-G132 Wireless driver, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22860/ -- [SA22859] NetJetServer Two Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2006-11-16 Greg Linares has discovered two vulnerabilities in NetJetServer, which can be exploited by malicious people to disclose sensitive information and bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22859/ -- [SA22857] Mercury Mail Transport System Unspecified Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-14 GLEG has reported a vulnerability in Mercury Mail Transport System, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22857/ -- [SA22856] ASP Scripter Easy Portal and Live Support SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-14 ajann has reported a vulnerability in ASP Scripter Easy Portal and ASP Scripter Live Support, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22856/ -- [SA22848] Pragma FortressSSH Unspecified Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-14 GLEG has reported a vulnerability in Pragma FortressSSH, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22848/ -- [SA22845] ASPPortal "Poll_ID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has discovered a vulnerability in ASPPortal, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22845/ -- [SA22844] Munch Pro "catid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in Munch Pro, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22844/ -- [SA22840] UPublisher "ID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in UPublisher, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22840/ -- [SA22839] USupport "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in USupport, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22839/ -- [SA22838] UStore "ID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in UStore, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22838/ -- [SA22835] Estate Agent Manager "Username" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-14 ajann has reported a vulnerability in Estate Agent Manager, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22835/ -- [SA22832] Eudora WorldMail Unspecified Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-14 GLEG has reported a vulnerability in Eudora WorldMail, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22832/ -- [SA22830] NuSchool "NewsID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in NuSchool, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22830/ -- [SA22829] NuStore "SubCatagoryID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in NuStore, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22829/ -- [SA22828] NuRealestate "PropID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in NuRealestate, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22828/ -- [SA22827] NuCommunity "cl_cat_ID" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 ajann has reported a vulnerability in NuCommunity, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22827/ -- [SA22883] Microsoft Windows Workstation Service Buffer Overflow Vulnerability Critical: Moderately critical Where: From local network Impact: System access Released: 2006-11-14 eEye Digital Security has reported a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22883/ -- [SA22866] Microsoft Windows Client Service for Netware Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2006-11-14 Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22866/ -- [SA22802] Citrix Presentation Server IMA Service Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2006-11-10 Two vulnerabilities have been reported in Citrix Presentation Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22802/ -- [SA22928] Selenium Server FTP Server Two Vulnerabilities Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2006-11-16 Greg Linares has discovered two vulnerabilities in Selenium Server, which can be exploited by malicious users to enumerate files on an affected system and disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/22928/ -- [SA22927] Selenium Server Web Server Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2006-11-16 Greg Linares has discovered a vulnerability in Selenium Server, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22927/ -- [SA22916] Helm Web Hosting Control Panel Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2006-11-16 Aria-Security Team have reported some vulnerabilities in Helm Web Hosting Control Panel, which can be exploited by malicious users to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22916/ -- [SA22893] Conxint FTP Server Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2006-11-15 Greg Linares has discovered a vulnerability in Conxint FTP Server, which can be exploited by malicious users to enumerate files on an affected system and to disclose potential sensitive information. Full Advisory: http://secunia.com/advisories/22893/ -- [SA22874] ALFTP FTP Server Two Vulnerabilities Critical: Less critical Where: From remote Impact: Manipulation of data, Exposure of system information Released: 2006-11-15 Greg Linares has discovered two vulnerabilities in ALFTP FTP Server, which can be exploited by malicious users to gain knowledge of certain system information and to perform certain actions on the vulnerable system. Full Advisory: http://secunia.com/advisories/22874/ -- [SA22861] Kerio MailServer Unspecified Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2006-11-14 GLEG has reported a vulnerability in Kerio MailServer, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22861/ -- [SA22836] Eudora WorldMail Unspecified Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2006-11-14 GLEG has reported a vulnerability in Eudora WorldMail, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22836/ -- [SA22871] Windows Active Directory Unspecified Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2006-11-14 GLEG has reported a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22871/ -- [SA22863] PHPRunner Information Disclosure Security Issue Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2006-11-14 Lostmon has discovered a security issue in PHPRunner, which can be exploited by malicious, local users to gain access to potentially sensitive information. Full Advisory: http://secunia.com/advisories/22863/ -- [SA22913] Outpost Firewall Pro Hooked Functions Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2006-11-16 Matousec has discovered a vulnerability in Outpost Firewall Pro, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22913/ UNIX/Linux:-- [SA22929] SGI Advanced Linux Environment Multiple Updates Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, Privilege escalation, DoS, System access Released: 2006-11-16 SGI has issued a patch for SGI Advanced Linux Environment. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, to cause a DoS (Denial of Service), or potentially to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22929/ -- [SA22926] Debian update for openssh Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2006-11-16 Debian has issued an update for openssh. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22926/ -- [SA22903] Debian update for pdns Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-15 Debian has issued an update for pdns. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22903/ -- [SA22890] SGI Advanced Linux Environment Update for kdelibs Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2006-11-16 SGI has issued a patch for SGI Advanced Linux Environment. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22890/ -- [SA22881] SUSE update for php4 and php5 Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2006-11-15 SUSE has issued an update for php4 and php5. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22881/ -- [SA22855] phpJobScheduler "installed_config_file" File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-14 Some vulnerabilities have been discovered in phpJobScheduler, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22855/ -- [SA22849] Debian update for mozilla-firefox Critical: Highly critical Where: From remote Impact: Security Bypass, Spoofing, DoS, System access Released: 2006-11-14 Debian has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing and DoS (Denial of Service) attacks, bypass certain security restrictions and potentially compromise a user's system. Full Advisory: http://secunia.com/advisories/22849/ -- [SA22823] Gentoo update for openssh Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2006-11-14 Gentoo has issued an update for openssh. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22823/ -- [SA22820] EncapsCMS "root" File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-14 Firewall has discovered some vulnerabilities in EncapsCMS, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22820/ -- [SA22817] Mandriva update for mozilla-firefox Critical: Highly critical Where: From remote Impact: Security Bypass, Cross Site Scripting, DoS, System access Released: 2006-11-13 Mandriva has issued an update for mozilla-firefox. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22817/ -- [SA22907] Sun Solaris libXfont Integer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-15 Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22907/ -- [SA22898] Trustix Update for Multiple Packages Critical: Moderately critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2006-11-15 Trustix has issued an update for multiple packages. This fixes some vulnerabilities and a weakness, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22898/ -- [SA22877] Dotdeb PHP "mail()" Function CRLF Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2006-11-15 Stefan Esser has discovered a vulnerability in Dotdeb PHP, which can be exploited by malicious people to send manipulated e-mail messages and expose sensitive information. Full Advisory: http://secunia.com/advisories/22877/ -- [SA22875] VMware ESX Server Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information, DoS, System access Released: 2006-11-14 Some vulnerabilities, security issues, and a weakness have been reported in VMware ESX Server, which can be exploited by malicious, local users to bypass certain security restrictions and disclose potentially sensitive information, or by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22875/ -- [SA22867] ShopSystem "sessid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-14 David Vieira-Kurz has reported a vulnerability in ShopSystem, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22867/ -- [SA22858] eXtremail Unspecified Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-14 GLEG has reported a vulnerability in eXtremail, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22858/ -- [SA22851] xtacacsd Unspecified Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-14 GLEG has reported a vulnerability in xtacacsd, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22851/ -- [SA22842] Ampache Unauthorized Guest Access Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2006-11-14 A vulnerability has been reported in Ampache, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22842/ -- [SA22841] SUSE update for wireshark Critical: Moderately critical Where: From remote Impact: DoS Released: 2006-11-14 SUSE has issued an update for wireshark. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22841/ -- [SA22834] SUSE update for ImageMagick Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-14 SUSE has issued an update for ImageMagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22834/ -- [SA22819] Gentoo update for graphicsmagick Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2006-11-14 Gentoo has issued an update for graphicsmagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22819/ -- [SA22815] Mandriva update for mozilla-thunderbird Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting, DoS, System access Released: 2006-11-13 Mandriva has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22815/ -- [SA22813] myStats SQL Injection And Cross-Site Scripting Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2006-11-13 Laurent Gaffié and Benjamin Mossé have discovered some vulnerabilities in myStats, which can be exploited by malicious people to conduct SQL injection and cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22813/ -- [SA22803] ProFTPD Unspecified Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2006-11-10 Evgeny Legerov has reported a vulnerability in ProFTPD, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22803/ -- [SA22923] Red Hat update for elinks Critical: Moderately critical Where: From local network Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2006-11-16 Red Hat has issued an update for elinks. This fixes a vulnerability, which can be exploited by malicious people to expose sensitive information and manipulate data. Full Advisory: http://secunia.com/advisories/22923/ -- [SA22905] Links "smb" Protocol File Upload/Download Vulnerability Critical: Moderately critical Where: From local network Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2006-11-15 Teemu Salmela has discovered a vulnerability in Links, which can be exploited by malicious people to expose sensitive information and manipulate data. Full Advisory: http://secunia.com/advisories/22905/ -- [SA22889] rPath update for libpng Critical: Less critical Where: From remote Impact: DoS Released: 2006-11-16 rPath has issued an update for libpng. This fixes a vulnerability, which can be exploited to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22889/ -- [SA22869] Red Hat update for nss_ldap Critical: Less critical Where: From remote Impact: Security Bypass Released: 2006-11-15 Red Hat has issued an update for nss_ldap. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22869/ -- [SA22868] Debian update for trac Critical: Less critical Where: From remote Impact: Hijacking Released: 2006-11-14 Debian has issued an update for trac. This fixes a vulnerability which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/22868/ -- [SA22854] Gentoo update for librmp4 Critical: Less critical Where: From remote Impact: DoS, System access Released: 2006-11-14 Gentoo has issued an update for librpm4. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22854/ -- [SA22826] Debian update for bugzilla Critical: Less critical Where: From remote Impact: Cross Site Scripting, Privilege escalation Released: 2006-11-13 Debian has issued an update for bugzilla. This fixes some vulnerabilities, which can be exploited by malicious, local users to perform certain actions with escalated privileges, and by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22826/ -- [SA22801] FreeBSD update for libarchive Critical: Less critical Where: From remote Impact: DoS Released: 2006-11-10 FreeBSD has issued an update for libarchive. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22801/ -- [SA22822] SUSE update for kernel Critical: Less critical Where: From local network Impact: DoS Released: 2006-11-13 SUSE has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22822/ -- [SA22853] Gentoo update for ftpd Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2006-11-13 Gentoo has issued an update for ftpd. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information or perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/22853/ -- [SA22852] Ubuntu update for avahi Critical: Less critical Where: Local system Impact: Security Bypass Released: 2006-11-13 Ubuntu has issued an update for avahi. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22852/ -- [SA22816] Linux NetKit FTP Server Information Disclosure and Privilege Escalation Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2006-11-13 Paul Szabo has reported some vulnerabilities in the Linux NetKit FTP Server, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, or perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/22816/ -- [SA22807] Avahi "netlink" Message Vulnerability Critical: Less critical Where: Local system Impact: Security Bypass Released: 2006-11-13 A vulnerability has been reported in Avahi, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22807/ -- [SA22872] Red Hat update for openssh Critical: Not critical Where: From remote Impact: Security Bypass Released: 2006-11-15 Red Hat has issued an update for openssh. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22872/ -- [SA22814] Mandriva update for openssh Critical: Not critical Where: From remote Impact: Security Bypass Released: 2006-11-13 Mandriva has issued an update for openssh. This fixes a weakness, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22814/ -- [SA22906] Kerio WebSTAR "libucache.dylib" Privilege Escalation Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2006-11-16 Kevin Finisterre has reported a vulnerability in Kerio WebSTAR, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/22906/ -- [SA22887] Fedora Core SELinux "superblock_doinit()" Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2006-11-15 LMH has reported a vulnerability in Fedora Core, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22887/ -- [SA22886] Fedora Core "init_journal()" Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2006-11-16 LMH has reported a vulnerability in Fedora Core, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22886/ -- [SA22876] VMware ESX Server x87 Register Information Leak Critical: Not critical Where: Local system Impact: Exposure of sensitive information, System access Released: 2006-11-14 A security issue has been reported in VMware ESX Server, which can be exploited by malicious, local users to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/22876/ -- [SA22837] Fedora Core Ext2 File System Denial of Service Vulnerability Critical: Not critical Where: Local system Impact: DoS Released: 2006-11-13 LMH has reported a vulnerability in Fedora Core, which can be exploited by malicious, local users to cause a DoS (Denial of Service) Full Advisory: http://secunia.com/advisories/22837/ -- [SA22808] Mac OS X "fpathconf()" Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2006-11-10 Ilja Van Sprundel has discovered a vulnerability in Mac OS X, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22808/ Other:-- [SA22799] Cisco Products OpenSSL Vulnerabilities Critical: Highly critical Where: From remote Impact: Security Bypass, DoS, System access Released: 2006-11-09 Cisco has acknowledged some vulnerabilities in various products, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22799/ -- [SA22833] Arkoon SSL360 Unspecified Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2006-11-14 Some vulnerabilities have been reported in Arkoon SSL360, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22833/ -- [SA22818] 3Com SuperStack 3 Switch 4400 Information Disclosure Critical: Less critical Where: From local network Impact: Exposure of sensitive information Released: 2006-11-14 A security issue has been reported in the 3Com SuperStack 3 Switch 4400 family, which can be exploited by malicious people to gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/22818/ Cross Platform:-- [SA22873] phpPeanuts "Include" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-15 Hidayat Sagita has discovered a vulnerability in phpPeanuts, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22873/ -- [SA22870] Mambo shambo2 Component File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-14 Crackers_Child has reported a vulnerability in the shambo2 component for Mambo, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22870/ -- [SA22862] Aigaion "DIR" Multiple File Inclusion Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-14 navairum has discovered some vulnerabilities in aigaion, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22862/ -- [SA22824] PowerDNS Recursor Two Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2006-11-13 Two vulnerabilities have been reported in PowerDNS Recursor, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22824/ -- [SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities Critical: Highly critical Where: From remote Impact: Unknown, DoS, System access Released: 2006-11-14 Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22811/ -- [SA22805] ContentNow Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information, System access, Cross Site Scripting Released: 2006-11-13 r0ut3r and Timq have discovered some vulnerabilities in ContentNow, which can be exploited by malicious people to disclose certain sensitive information, perform certain actions with escalated privileges, to compromise a vulnerable system, or to perform cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/22805/ -- [SA22804] LetterIt "lang" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2006-11-10 v1per-haCker has discovered a vulnerability in LetterIt, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22804/ -- [SA22919] Extreme CMS Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Cross Site Scripting Released: 2006-11-15 r0ut3r has discovered some vulnerabilities in Extreme CMS, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22919/ -- [SA22910] Sun Java JRE Swing Library Applet Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2006-11-15 A vulnerability has been reported in Sun Java JRE, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/22910/ -- [SA22885] Etomite SQL Injection And Local File Inclusion Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2006-11-16 Alfredo Pesoli has discovered two vulnerabilities in Etomite, which can be exploited by malicious people to conduct SQL injection attacks and by malicious users to expose sensitive information. Full Advisory: http://secunia.com/advisories/22885/ -- [SA22847] Rama CMS "lang" File Inclusion Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2006-11-13 Kacper has reported a vulnerability in Rama CMS, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/22847/ -- [SA22846] PHPWind "AdminUser" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-13 rgod has reported a vulnerability in PHPWind, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22846/ -- [SA22831] Broadcom Wireless Driver Probe Response SSID Buffer Overflow Critical: Moderately critical Where: From remote Impact: System access Released: 2006-11-13 Johnny Cache has reported a vulnerability in Broadcom Wireless driver, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/22831/ -- [SA22812] Vallheru mail.php SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2006-11-14 Some vulnerabilities have been reported in Vallheru, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22812/ -- [SA22810] BrewBlogger "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2006-11-13 Craig Heffner has discovered a vulnerability in BrewBlogger, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/22810/ -- [SA22800] ELOG "global" Logbook Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2006-11-10 Jayesh KS and Arun Kethipelly have discovered a vulnerability in ELOG, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22800/ -- [SA22920] ELinks "smb" Protocol File Upload/Download Vulnerability Critical: Moderately critical Where: From local network Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2006-11-15 Teemu Salmela has discovered a vulnerability in ELinks, which can be exploited by malicious people to expose sensitive information and manipulate data. Full Advisory: http://secunia.com/advisories/22920/ -- [SA22900] libpng sPLT Chunk Handling Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2006-11-15 Tavis Ormandy has reported a vulnerability in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/22900/ -- [SA22892] Verity Ultraseek Multiple Vulnerabilities Critical: Less critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2006-11-16 Some vulnerabilities have been reported in Verity Ultraseek, which can be exploited by malicious users to gain knowledge of sensitive information or by malicious people to bypass certain security restrictions and disclose sensitive information. Full Advisory: http://secunia.com/advisories/22892/ -- [SA22864] Netquery "User-Agent" HTTP Header Script Insertion Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2006-11-14 Tal Argoni has reported a vulnerability in Netquery, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/22864/ -- [SA22843] Nucleus Unspecified Script Insertion Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2006-11-14 A vulnerability has been reported in Nucleus CMS, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/22843/ -- [SA22825] CPanel Multiple Vulnerabilities Critical: Less critical Where: From remote Impact: Hijacking, Cross Site Scripting Released: 2006-11-14 Aria-Security has reported some vulnerabilities in cPanel, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/22825/ -- [SA22809] Firefox Sage Extension Feed Script Insertion Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2006-11-10 David Kierznowski has discovered a vulnerability in the Sage extension for Firefox, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/22809/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Fri Nov 17 2006 - 02:20:02 PST