[ISN] Secunia Weekly Summary - Issue: 2006-46

From: InfoSec News (alerts@private)
Date: Fri Nov 17 2006 - 02:09:39 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-11-09 - 2006-11-16                        

                       This week: 123 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

We are proud to announce the availability of the Secunia "Security
Watchdog" Blog.

The Secunia "Security Watchdog" Blog is used to communicate our
opinions about vulnerabilities, security, ethics, and our responses to
articles, research papers, and other blog entries regarding Secunia
and vulnerabilities.

To get the facts about vulnerabilities read our Secunia advisories. To
get our opinions read the Secunia "Security Watchdog" Blog.

The Blog:
http://secunia.com/blog/

Subscribe to the RSS Feed:
http://secunia.com/blog_rss/o.rss

========================================================================
2) This Week in Brief:

Microsoft has released their monthly security bulletins for November,
which fixes several vulnerabilities in various Microsoft products.

One of the vulnerabilities is currently being exploited in the wild,
all users are advised to visit windows update and download the
available security updates.

Additional details can be found in the referenced Secunia advisories
listed below.

References:
http://secunia.com/SA22878
http://secunia.com/SA22882
http://secunia.com/SA22883
http://secunia.com/SA22687
http://secunia.com/SA21910
http://secunia.com/SA22866

 --
 
Secunia Research has discovered two vulnerabilities and a weakness in
Panda ActiveScan, which can be exploited by malicious people to
disclose system information, cause a DoS (Denial of Service), and
compromise a user's system.

Please see the referenced Secunia advisory for more information.

Reference:
http://secunia.com/SA21763

 --
 
Some vulnerabilities have been reported in WinZip, which can be
exploited by malicious people to compromise a user's system.

The vendor has released an updated version, please see the referenced
advisory for details.

Reference:
http://secunia.com/SA22891

 --
 
Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Please see the referenced Secunia advisory for more information.

Reference:
http://secunia.com/SA22811

 --

VIRUS ALERTS:

During the past week Secunia collected 156 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA22687] Microsoft XMLHTTP ActiveX Control Code Execution
              Vulnerability
2.  [SA21910] Internet Explorer Multiple Vulnerabilities
3.  [SA22722] Mozilla Firefox and SeaMonkey Multiple Vulnerabilities
4.  [SA22477] Internet Explorer 7 "mhtml:" Redirection Information
              Disclosure
5.  [SA22803] ProFTPD Unspecified Vulnerability
6.  [SA22808] Mac OS X "fpathconf()" Denial of Service
7.  [SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities
8.  [SA22542] Internet Explorer 7 Popup Address Bar Spoofing Weakness
9.  [SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities
10. [SA22628] Internet Explorer 7 Window Injection Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities
[SA22882] Microsoft Windows Flash Player Multiple Vulnerabilities
[SA22878] Microsoft Windows Agent ActiveX Control Buffer Overflow
[SA22806] Marshal MailMarshal ARJ Archive Directory Traversal
[SA22930] Dragon Internet Events Listing Multiple SQL Injection
[SA22918] A+ Store E-Commerce SQL Injection and Cross-Site Scripting
[SA22915] Inventory Manager Cross-Site Scripting and SQL Injection
[SA22914] Car Site Manager SQL Injection And Cross-Site Scripting
[SA22912] Evolve Shopping Cart "zoneid" SQL Injection
[SA22911] FunkyASP Glossary "alpha" SQL Injection Vulnerability
[SA22909] Citrix Advanced Access Control Two Vulnerabilities
[SA22908] Citrix Access Gateway Appliance Information Disclosure
[SA22904] Hpecs Shopping Cart Multiple SQL Injection Vulnerabilities
[SA22902] BlogMe Script Insertion and SQL Injection
[SA22901] NetVIOS "NewsID" SQL Injection Vulnerability
[SA22899] SiteXpress E-Commerce System "id" SQL Injection
Vulnerability
[SA22897] E-Calendar Pro Multiple SQL Injection Vulnerabilities
[SA22895] WWWeb Concepts CactuShop Two SQL Injection Vulnerabilities
[SA22894] 20/20 Data Shed "itemID" SQL Injection Vulnerability
[SA22888] BPG Easy Publisher / Smart Publisher "vjob" SQL Injection
[SA22884] ASP Smiley "Username" SQL Injection Vulnerability
[SA22879] F-PROT Antivirus Unspecified Buffer Overflow
[SA22865] INFINICART Cross-Site Scripting and SQL Injection
[SA22860] D-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow
[SA22859] NetJetServer Two Vulnerabilities
[SA22857] Mercury Mail Transport System Unspecified Buffer Overflow
[SA22856] ASP Scripter Easy Portal and Live Support SQL Injection
[SA22848] Pragma FortressSSH Unspecified Buffer Overflow
[SA22845] ASPPortal "Poll_ID" SQL Injection Vulnerability
[SA22844] Munch Pro "catid" SQL Injection Vulnerability
[SA22840] UPublisher "ID" SQL Injection Vulnerability
[SA22839] USupport "id" SQL Injection Vulnerability
[SA22838] UStore "ID" SQL Injection Vulnerability
[SA22835] Estate Agent Manager "Username" SQL Injection Vulnerability
[SA22832] Eudora WorldMail Unspecified Buffer Overflow Vulnerability
[SA22830] NuSchool "NewsID" SQL Injection Vulnerability
[SA22829] NuStore "SubCatagoryID" SQL Injection Vulnerability
[SA22828] NuRealestate "PropID" SQL Injection Vulnerability
[SA22827] NuCommunity "cl_cat_ID" SQL Injection Vulnerability
[SA22883] Microsoft Windows Workstation Service Buffer Overflow
Vulnerability
[SA22866] Microsoft Windows Client Service for Netware Vulnerabilities
[SA22802] Citrix Presentation Server IMA Service Vulnerabilities
[SA22928] Selenium Server FTP Server Two Vulnerabilities
[SA22927] Selenium Server Web Server Cross-Site Scripting
Vulnerability
[SA22916] Helm Web Hosting Control Panel Cross-Site Scripting
Vulnerabilities
[SA22893] Conxint FTP Server Directory Traversal Vulnerability
[SA22874] ALFTP FTP Server Two Vulnerabilities
[SA22861] Kerio MailServer Unspecified Denial of Service
[SA22836] Eudora WorldMail Unspecified Denial of Service
[SA22871] Windows Active Directory Unspecified Denial of Service
[SA22863] PHPRunner Information Disclosure Security Issue
[SA22913] Outpost Firewall Pro Hooked Functions Denial of Service

UNIX/Linux:
[SA22929] SGI Advanced Linux Environment Multiple Updates
[SA22926] Debian update for openssh
[SA22903] Debian update for pdns
[SA22890] SGI Advanced Linux Environment Update for kdelibs
[SA22881] SUSE update for php4 and php5
[SA22855] phpJobScheduler "installed_config_file" File Inclusion
Vulnerabilities
[SA22849] Debian update for mozilla-firefox
[SA22823] Gentoo update for openssh
[SA22820] EncapsCMS "root" File Inclusion Vulnerabilities
[SA22817] Mandriva update for mozilla-firefox
[SA22907] Sun Solaris libXfont Integer Overflow Vulnerability
[SA22898] Trustix Update for Multiple Packages
[SA22877] Dotdeb PHP "mail()" Function CRLF Injection
[SA22875] VMware ESX Server Multiple Vulnerabilities
[SA22867] ShopSystem "sessid" SQL Injection Vulnerability
[SA22858] eXtremail Unspecified Buffer Overflow Vulnerability
[SA22851] xtacacsd Unspecified Buffer Overflow Vulnerability
[SA22842] Ampache Unauthorized Guest Access
[SA22841] SUSE update for wireshark
[SA22834] SUSE update for ImageMagick
[SA22819] Gentoo update for graphicsmagick
[SA22815] Mandriva update for mozilla-thunderbird
[SA22813] myStats SQL Injection And Cross-Site Scripting
Vulnerabilities
[SA22803] ProFTPD Unspecified Vulnerability
[SA22923] Red Hat update for elinks
[SA22905] Links "smb" Protocol File Upload/Download Vulnerability
[SA22889] rPath update for libpng
[SA22869] Red Hat update for nss_ldap
[SA22868] Debian update for trac
[SA22854] Gentoo update for librmp4
[SA22826] Debian update for bugzilla
[SA22801] FreeBSD update for libarchive
[SA22822] SUSE update for kernel
[SA22853] Gentoo update for ftpd
[SA22852] Ubuntu update for avahi
[SA22816] Linux NetKit FTP Server Information Disclosure and Privilege
Escalation
[SA22807] Avahi "netlink" Message Vulnerability
[SA22872] Red Hat update for openssh
[SA22814] Mandriva update for openssh
[SA22906] Kerio WebSTAR "libucache.dylib" Privilege Escalation
[SA22887] Fedora Core SELinux "superblock_doinit()" Denial of Service
[SA22886] Fedora Core "init_journal()" Denial of Service
[SA22876] VMware ESX Server x87 Register Information Leak
[SA22837] Fedora Core Ext2 File System Denial of Service Vulnerability
[SA22808] Mac OS X "fpathconf()" Denial of Service

Other:
[SA22799] Cisco Products OpenSSL Vulnerabilities
[SA22833] Arkoon SSL360 Unspecified Cross-Site Scripting
Vulnerabilities
[SA22818] 3Com SuperStack 3 Switch 4400 Information Disclosure

Cross Platform:
[SA22873] phpPeanuts "Include" File Inclusion Vulnerability
[SA22870] Mambo shambo2 Component File Inclusion Vulnerability
[SA22862] Aigaion "DIR" Multiple File Inclusion Vulnerabilities
[SA22824] PowerDNS Recursor Two Vulnerabilities
[SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities
[SA22805] ContentNow Multiple Vulnerabilities
[SA22804] LetterIt "lang" File Inclusion Vulnerability
[SA22919] Extreme CMS Multiple Vulnerabilities
[SA22910] Sun Java JRE Swing Library Applet Security Bypass
[SA22885] Etomite SQL Injection And Local File Inclusion
Vulnerabilities
[SA22847] Rama CMS "lang" File Inclusion Vulnerability
[SA22846] PHPWind "AdminUser" SQL Injection Vulnerability
[SA22831] Broadcom Wireless Driver Probe Response SSID Buffer Overflow
[SA22812] Vallheru mail.php SQL Injection Vulnerabilities
[SA22810] BrewBlogger "id" SQL Injection Vulnerability
[SA22800] ELOG "global" Logbook Denial of Service
[SA22920] ELinks "smb" Protocol File Upload/Download Vulnerability
[SA22900] libpng sPLT Chunk Handling Denial of Service
[SA22892] Verity Ultraseek Multiple Vulnerabilities
[SA22864] Netquery "User-Agent" HTTP Header Script Insertion
[SA22843] Nucleus Unspecified Script Insertion
[SA22825] CPanel Multiple Vulnerabilities
[SA22809] Firefox Sage Extension Feed Script Insertion Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-15

Some vulnerabilities have been reported in WinZip, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22891/

 --

[SA22882] Microsoft Windows Flash Player Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2006-11-14

Microsoft has acknowledged some vulnerabilities in Windows XP, which
can be exploited by malicious people to bypass certain security
restrictions or compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22882/

 --

[SA22878] Microsoft Windows Agent ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-14

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22878/

 --

[SA22806] Marshal MailMarshal ARJ Archive Directory Traversal

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-12

A vulnerability has been reported in MailMarshal SMTP and MailMarshal
Exchange, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22806/

 --

[SA22930] Dragon Internet Events Listing Multiple SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-16

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Dragon Internet Events Listing, which can be exploited by malicious
people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22930/

 --

[SA22918] A+ Store E-Commerce SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-15

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
A+ Store E-Commerce, which can be exploited by malicious people to
conduct SQL injection and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22918/

 --

[SA22915] Inventory Manager Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Cross Site Scripting
Released:    2006-11-15

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Inventory Manager, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22915/

 --

[SA22914] Car Site Manager SQL Injection And Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-15

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Car Site Manager, which can be exploited by malicious people to conduct
SQL injection attacks and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22914/

 --

[SA22912] Evolve Shopping Cart "zoneid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

Laurent Gaffié and Benjamin Mossé have reported a vulnerability in
Evolve Shopping Cart, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22912/

 --

[SA22911] FunkyASP Glossary "alpha" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

Laurent Gaffié and Benjamin Mossé have reported a vulnerability in
FunkyASP Glossary, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22911/

 --

[SA22909] Citrix Advanced Access Control Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-15

Two vulnerabilities have been reported in Citrix Advanced Access
Control, which can be exploited by malicious users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/22909/

 --

[SA22908] Citrix Access Gateway Appliance Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-15

A vulnerability has been reported in Citrix Access Gateway appliances,
which can be exploited by malicious people to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/22908/

 --

[SA22904] Hpecs Shopping Cart Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-16

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Hpecs Shopping Cart, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22904/

 --

[SA22902] BlogMe Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-15

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
BlogMe, which can be exploited by malicious people to conduct script
insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22902/

 --

[SA22901] NetVIOS "NewsID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

ajann has reported a vulnerability in NetVIOS, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22901/

 --

[SA22899] SiteXpress E-Commerce System "id" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

Aria-Security Team have reported a vulnerability in SiteXpress
E-Commerce System, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22899/

 --

[SA22897] E-Calendar Pro Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-16

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
E-Calendar Pro, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22897/

 --

[SA22895] WWWeb Concepts CactuShop Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

Aria-Security Team have reported two vulnerabilities in WWWeb Concepts
CactuShop, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/22895/

 --

[SA22894] 20/20 Data Shed "itemID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

A vulnerability has been reported in 20/20 Data Shed, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22894/

 --

[SA22888] BPG Easy Publisher / Smart Publisher "vjob" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

ajann has discovered a vulnerability in BPG Easy Publisher and Smart
Publisher, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/22888/

 --

[SA22884] ASP Smiley "Username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-15

ajann has reported a vulnerability in ASP Smiley, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22884/

 --

[SA22879] F-PROT Antivirus Unspecified Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-15

GLEG has reported a vulnerability in F-PROT Antivirus, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22879/

 --

[SA22865] INFINICART Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-14

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
INFINICART, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22865/

 --

[SA22860] D-Link DWL-G132 Wireless Driver Beacon Rates Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-14

H D Moore has reported a vulnerability in D-Link DWL-G132 Wireless
driver, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22860/

 --

[SA22859] NetJetServer Two Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-11-16

Greg Linares has discovered two vulnerabilities in NetJetServer, which
can be exploited by malicious people to disclose sensitive information
and bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22859/

 --

[SA22857] Mercury Mail Transport System Unspecified Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

GLEG has reported a vulnerability in Mercury Mail Transport System,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22857/

 --

[SA22856] ASP Scripter Easy Portal and Live Support SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-14

ajann has reported a vulnerability in ASP Scripter Easy Portal and ASP
Scripter Live Support, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22856/

 --

[SA22848] Pragma FortressSSH Unspecified Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

GLEG has reported a vulnerability in Pragma FortressSSH, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22848/

 --

[SA22845] ASPPortal "Poll_ID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has discovered a vulnerability in ASPPortal, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22845/

 --

[SA22844] Munch Pro "catid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in Munch Pro, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22844/

 --

[SA22840] UPublisher "ID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in UPublisher, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22840/

 --

[SA22839] USupport "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in USupport, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22839/

 --

[SA22838] UStore "ID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in UStore, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22838/

 --

[SA22835] Estate Agent Manager "Username" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-14

ajann has reported a vulnerability in Estate Agent Manager, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22835/

 --

[SA22832] Eudora WorldMail Unspecified Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

GLEG has reported a vulnerability in Eudora WorldMail, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22832/

 --

[SA22830] NuSchool "NewsID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in NuSchool, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22830/

 --

[SA22829] NuStore "SubCatagoryID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in NuStore, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22829/

 --

[SA22828] NuRealestate "PropID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in NuRealestate, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22828/

 --

[SA22827] NuCommunity "cl_cat_ID" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

ajann has reported a vulnerability in NuCommunity, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22827/

 --

[SA22883] Microsoft Windows Workstation Service Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-11-14

eEye Digital Security has reported a vulnerability in Microsoft
Windows, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22883/

 --

[SA22866] Microsoft Windows Client Service for Netware Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-11-14

Two vulnerabilities have been reported in Microsoft Windows, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22866/

 --

[SA22802] Citrix Presentation Server IMA Service Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2006-11-10

Two vulnerabilities have been reported in Citrix Presentation Server,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22802/

 --

[SA22928] Selenium Server FTP Server Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-11-16

Greg Linares has discovered two vulnerabilities in Selenium Server,
which can be exploited by malicious users to enumerate files on an
affected system and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/22928/

 --

[SA22927] Selenium Server Web Server Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-16

Greg Linares has discovered a vulnerability in Selenium Server, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/22927/

 --

[SA22916] Helm Web Hosting Control Panel Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-16

Aria-Security Team have reported some vulnerabilities in Helm Web
Hosting Control Panel, which can be exploited by malicious users to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22916/

 --

[SA22893] Conxint FTP Server Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-11-15

Greg Linares has discovered a vulnerability in Conxint FTP Server,
which can be exploited by malicious users to enumerate files on an
affected system and to disclose potential sensitive information.

Full Advisory:
http://secunia.com/advisories/22893/

 --

[SA22874] ALFTP FTP Server Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information
Released:    2006-11-15

Greg Linares has discovered two vulnerabilities in ALFTP FTP Server,
which can be exploited by malicious users to gain knowledge of certain
system information and to perform certain actions on the vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22874/

 --

[SA22861] Kerio MailServer Unspecified Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-14

GLEG has reported a vulnerability in Kerio MailServer, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/22861/

 --

[SA22836] Eudora WorldMail Unspecified Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-14

GLEG has reported a vulnerability in Eudora WorldMail, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/22836/

 --

[SA22871] Windows Active Directory Unspecified Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-11-14

GLEG has reported a vulnerability in Microsoft Windows, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).

Full Advisory:
http://secunia.com/advisories/22871/

 --

[SA22863] PHPRunner Information Disclosure Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-11-14

Lostmon has discovered a security issue in PHPRunner, which can be
exploited by malicious, local users to gain access to potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/22863/

 --

[SA22913] Outpost Firewall Pro Hooked Functions Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-16

Matousec has discovered a vulnerability in Outpost Firewall Pro, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22913/


UNIX/Linux:--

[SA22929] SGI Advanced Linux Environment Multiple Updates

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Privilege
escalation, DoS, System access
Released:    2006-11-16

SGI has issued a patch for SGI Advanced Linux Environment. This fixes
some vulnerabilities, which can be exploited by malicious, local users
to perform certain actions with escalated privileges, and by malicious
people to bypass certain security restrictions, conduct cross-site
scripting attacks, to cause a DoS (Denial of Service), or potentially
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22929/

 --

[SA22926] Debian update for openssh

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-16

Debian has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22926/

 --

[SA22903] Debian update for pdns

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-15

Debian has issued an update for pdns. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22903/

 --

[SA22890] SGI Advanced Linux Environment Update for kdelibs

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-16

SGI has issued a patch for SGI Advanced Linux Environment. This fixes a
vulnerability, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22890/

 --

[SA22881] SUSE update for php4 and php5

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-15

SUSE has issued an update for php4 and php5. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22881/

 --

[SA22855] phpJobScheduler "installed_config_file" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-14

Some vulnerabilities have been discovered in phpJobScheduler, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22855/

 --

[SA22849] Debian update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Spoofing, DoS, System access
Released:    2006-11-14

Debian has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
spoofing and DoS (Denial of Service) attacks, bypass certain security
restrictions and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22849/

 --

[SA22823] Gentoo update for openssh

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

Gentoo has issued an update for openssh. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22823/

 --

[SA22820] EncapsCMS "root" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-14

Firewall has discovered some vulnerabilities in EncapsCMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22820/

 --

[SA22817] Mandriva update for mozilla-firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-13

Mandriva has issued an update for mozilla-firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22817/

 --

[SA22907] Sun Solaris libXfont Integer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-15

Sun has acknowledged a vulnerability in Sun Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22907/

 --

[SA22898] Trustix Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-11-15

Trustix has issued an update for multiple packages. This fixes some
vulnerabilities and a weakness, which can be exploited by malicious
people to bypass certain security restrictions, cause a DoS (Denial of
Service), or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22898/

 --

[SA22877] Dotdeb PHP "mail()" Function CRLF Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-11-15

Stefan Esser has discovered a vulnerability in Dotdeb PHP, which can be
exploited by malicious people to send manipulated e-mail messages and
expose sensitive information.

Full Advisory:
http://secunia.com/advisories/22877/

 --

[SA22875] VMware ESX Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS,
System access
Released:    2006-11-14

Some vulnerabilities, security issues, and a weakness have been
reported in VMware ESX Server, which can be exploited by malicious,
local users to bypass certain security restrictions and disclose
potentially sensitive information, or by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22875/

 --

[SA22867] ShopSystem "sessid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-14

David Vieira-Kurz has reported a vulnerability in ShopSystem, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22867/

 --

[SA22858] eXtremail Unspecified Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

GLEG has reported a vulnerability in eXtremail, which potentially can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22858/

 --

[SA22851] xtacacsd Unspecified Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

GLEG has reported a vulnerability in xtacacsd, which potentially can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22851/

 --

[SA22842] Ampache Unauthorized Guest Access

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-14

A vulnerability has been reported in Ampache, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22842/

 --

[SA22841] SUSE update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-14

SUSE has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22841/

 --

[SA22834] SUSE update for ImageMagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

SUSE has issued an update for ImageMagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22834/

 --

[SA22819] Gentoo update for graphicsmagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

Gentoo has issued an update for graphicsmagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22819/

 --

[SA22815] Mandriva update for mozilla-thunderbird

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-13

Mandriva has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22815/

 --

[SA22813] myStats SQL Injection And Cross-Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-13

Laurent Gaffié and Benjamin Mossé have discovered some vulnerabilities
in myStats, which can be exploited by malicious people to conduct SQL
injection and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22813/

 --

[SA22803] ProFTPD Unspecified Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-10

Evgeny Legerov has reported a vulnerability in ProFTPD, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22803/

 --

[SA22923] Red Hat update for elinks

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2006-11-16

Red Hat has issued an update for elinks. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.

Full Advisory:
http://secunia.com/advisories/22923/

 --

[SA22905] Links "smb" Protocol File Upload/Download Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2006-11-15

Teemu Salmela has discovered a vulnerability in Links, which can be
exploited by malicious people to expose sensitive information and
manipulate data.

Full Advisory:
http://secunia.com/advisories/22905/

 --

[SA22889] rPath update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-16

rPath has issued an update for libpng. This fixes a vulnerability,
which can be exploited to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22889/

 --

[SA22869] Red Hat update for nss_ldap

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-15

Red Hat has issued an update for nss_ldap. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22869/

 --

[SA22868] Debian update for trac

Critical:    Less critical
Where:       From remote
Impact:      Hijacking
Released:    2006-11-14

Debian has issued an update for trac. This fixes a vulnerability which
can be exploited by malicious people to conduct cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/22868/

 --

[SA22854] Gentoo update for librmp4

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-14

Gentoo has issued an update for librpm4. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22854/

 --

[SA22826] Debian update for bugzilla

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Privilege escalation
Released:    2006-11-13

Debian has issued an update for bugzilla. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, and by malicious
people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22826/

 --

[SA22801] FreeBSD update for libarchive

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-10

FreeBSD has issued an update for libarchive. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22801/

 --

[SA22822] SUSE update for kernel

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-11-13

SUSE has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22822/

 --

[SA22853] Gentoo update for ftpd

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2006-11-13

Gentoo has issued an update for ftpd. This fixes some vulnerabilities,
which can be exploited by malicious, local users to disclose
potentially sensitive information or perform certain actions with
escalated privileges.

Full Advisory:
http://secunia.com/advisories/22853/

 --

[SA22852] Ubuntu update for avahi

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-13

Ubuntu has issued an update for avahi. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/22852/

 --

[SA22816] Linux NetKit FTP Server Information Disclosure and Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2006-11-13

Paul Szabo has reported some vulnerabilities in the Linux NetKit FTP
Server, which can be exploited by malicious, local users to gain
knowledge of potentially sensitive information, or perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/22816/

 --

[SA22807] Avahi "netlink" Message Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-13

A vulnerability has been reported in Avahi, which can be exploited by
malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22807/

 --

[SA22872] Red Hat update for openssh

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-15

Red Hat has issued an update for openssh. This fixes a weakness, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22872/

 --

[SA22814] Mandriva update for openssh

Critical:    Not critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-13

Mandriva has issued an update for openssh. This fixes a weakness, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22814/

 --

[SA22906] Kerio WebSTAR "libucache.dylib" Privilege Escalation

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-16

Kevin Finisterre has reported a vulnerability in Kerio WebSTAR, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/22906/

 --

[SA22887] Fedora Core SELinux "superblock_doinit()" Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-15

LMH has reported a vulnerability in Fedora Core, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22887/

 --

[SA22886] Fedora Core "init_journal()" Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-16

LMH has reported a vulnerability in Fedora Core, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22886/

 --

[SA22876] VMware ESX Server x87 Register Information Leak

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information, System access
Released:    2006-11-14

A security issue has been reported in VMware ESX Server, which can be
exploited by malicious, local users to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/22876/

 --

[SA22837] Fedora Core Ext2 File System Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-13

LMH has reported a vulnerability in Fedora Core, which can be exploited
by malicious, local users to cause a DoS (Denial of Service)

Full Advisory:
http://secunia.com/advisories/22837/

 --

[SA22808] Mac OS X "fpathconf()" Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-10

Ilja Van Sprundel has discovered a vulnerability in Mac OS X, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22808/


Other:--

[SA22799] Cisco Products OpenSSL Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2006-11-09

Cisco has acknowledged some vulnerabilities in various products, which
can be exploited by malicious people to bypass certain security
restrictions, cause a DoS (Denial of Service), and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22799/

 --

[SA22833] Arkoon SSL360 Unspecified Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-14

Some vulnerabilities have been reported in Arkoon SSL360, which can be
exploited by malicious people to conduct  cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/22833/

 --

[SA22818] 3Com SuperStack 3 Switch 4400 Information Disclosure

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2006-11-14

A security issue has been reported in the 3Com SuperStack 3 Switch 4400
family, which can be exploited by malicious people to gain knowledge of
sensitive information.

Full Advisory:
http://secunia.com/advisories/22818/


Cross Platform:--

[SA22873] phpPeanuts "Include" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-15

Hidayat Sagita has discovered a vulnerability in phpPeanuts, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22873/

 --

[SA22870] Mambo shambo2 Component File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-14

Crackers_Child has reported a vulnerability in the shambo2 component
for Mambo, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22870/

 --

[SA22862] Aigaion "DIR" Multiple File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-14

navairum has discovered some vulnerabilities in aigaion, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22862/

 --

[SA22824] PowerDNS Recursor Two Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-13

Two vulnerabilities have been reported in PowerDNS Recursor, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22824/

 --

[SA22811] AVG Anti-Virus Multiple File Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2006-11-14

Sergio Alvarez has reported some vulnerabilities in AVG Anti-Virus,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22811/

 --

[SA22805] ContentNow Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information,
System access, Cross Site Scripting
Released:    2006-11-13

r0ut3r and Timq have discovered some vulnerabilities in ContentNow,
which can be exploited by malicious people to disclose certain
sensitive information, perform certain actions with escalated
privileges, to compromise a vulnerable system, or to perform cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/22805/

 --

[SA22804] LetterIt "lang" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-10

v1per-haCker has discovered a vulnerability in LetterIt, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22804/

 --

[SA22919] Extreme CMS Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-11-15

r0ut3r has discovered some vulnerabilities in Extreme CMS, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22919/

 --

[SA22910] Sun Java JRE Swing Library Applet Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-15

A vulnerability has been reported in Sun Java JRE, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22910/

 --

[SA22885] Etomite SQL Injection And Local File Inclusion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2006-11-16

Alfredo Pesoli has discovered two vulnerabilities in Etomite, which can
be exploited by malicious people to conduct SQL injection attacks and by
malicious users to expose sensitive information.

Full Advisory:
http://secunia.com/advisories/22885/

 --

[SA22847] Rama CMS "lang" File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-13

Kacper has reported a vulnerability in Rama CMS, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22847/

 --

[SA22846] PHPWind "AdminUser" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-13

rgod has reported a vulnerability in PHPWind, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22846/

 --

[SA22831] Broadcom Wireless Driver Probe Response SSID Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-13

Johnny Cache has reported a vulnerability in Broadcom Wireless driver,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22831/

 --

[SA22812] Vallheru mail.php SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-14

Some vulnerabilities have been reported in Vallheru, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22812/

 --

[SA22810] BrewBlogger "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2006-11-13

Craig Heffner has discovered a vulnerability in BrewBlogger, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22810/

 --

[SA22800] ELOG "global" Logbook Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-10

Jayesh KS and Arun Kethipelly have discovered a vulnerability in ELOG,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22800/

 --

[SA22920] ELinks "smb" Protocol File Upload/Download Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2006-11-15

Teemu Salmela has discovered a vulnerability in ELinks, which can be
exploited by malicious people to expose sensitive information and
manipulate data.

Full Advisory:
http://secunia.com/advisories/22920/

 --

[SA22900] libpng sPLT Chunk Handling Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-15

Tavis Ormandy has reported a vulnerability in libpng, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22900/

 --

[SA22892] Verity Ultraseek Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2006-11-16

Some vulnerabilities have been reported in Verity Ultraseek, which can
be exploited by malicious users to gain knowledge of sensitive
information or by malicious people to bypass certain security
restrictions and disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22892/

 --

[SA22864] Netquery "User-Agent" HTTP Header Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-14

Tal Argoni has reported a vulnerability in Netquery, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/22864/

 --

[SA22843] Nucleus Unspecified Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-14

A vulnerability has been reported in Nucleus CMS, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/22843/

 --

[SA22825] CPanel Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Hijacking, Cross Site Scripting
Released:    2006-11-14

Aria-Security has reported some vulnerabilities in cPanel, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to conduct cross-site scripting and cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/22825/

 --

[SA22809] Firefox Sage Extension Feed Script Insertion Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-10

David Kierznowski has discovered a vulnerability in the Sage extension
for Firefox, which can be exploited by malicious people to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/22809/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Fri Nov 17 2006 - 02:20:02 PST