[ISN] Secunia Weekly Summary - Issue: 2006-47

From: InfoSec News (alerts@private)
Date: Thu Nov 23 2006 - 22:32:35 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2006-11-16 - 2006-11-23                        

                       This week: 116 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

We are proud to announce the availability of the Secunia "Security
Watchdog" Blog.

The Secunia "Security Watchdog" Blog is used to communicate our
opinions about vulnerabilities, security, ethics, and our responses to
articles, research papers, and other blog entries regarding Secunia
and vulnerabilities.

To get the facts about vulnerabilities read our Secunia advisories. To
get our opinions read the Secunia "Security Watchdog" Blog.

The Blog:
http://secunia.com/blog/

Subscribe to the RSS Feed:
http://secunia.com/blog_rss/o.rss

========================================================================
2) This Week in Brief:

LMH has reported a vulnerability in Mac OS X, which potentially can be
exploited by malicious, local users to gain escalated privileges or by
malicious people to compromise a vulnerable system.

Currently, no solution is available from the vendor. Please see the
referenced Secunia advisory for an alternative workaround.

Reference:
http://secunia.com/SA23012

 --
 
A vulnerability has been discovered in Firefox, which can be exploited
by malicious people to conduct phishing attacks.

The vulnerability is caused due to the Password Manager not properly
checking the URL before automatically filling in saved user credentials
into forms. This may be exploited to steal user credentials via
malicious forms in the same domain.

Reference:
http://secunia.com/SA23046

 --
 
A vulnerability has been reported in MailEnable IMAP service, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

For more information please see the referenced Secunia advisory.

Reference:
http://secunia.com/SA23047

 --

VIRUS ALERTS:

During the past week Secunia collected 197 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA23012] Apple Mac OS X UDIF Memory Corruption Vulnerability
2.  [SA21910] Internet Explorer Multiple Vulnerabilities
3.  [SA22477] Internet Explorer 7 "mhtml:" Redirection Information
              Disclosure
4.  [SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities
5.  [SA22687] Microsoft XMLHTTP ActiveX Control Code Execution
              Vulnerability
6.  [SA23046] Firefox Password Manager Information Disclosure
7.  [SA22939] Sybase RFID Enterprise RSA Signature Forgery
8.  [SA22934] Sybase Afaria RSA Signature Forgery
9.  [SA22938] Sybase PowerBuilder RSA Signature Forgery
10. [SA22937] Sybase mFolio RSA Signature Forgery

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA23047] MailEnable IMAP Service Buffer Overflow Vulnerability
[SA23003] Acer LunchApp.APlunch ActiveX Control "Run" Insecure Method
[SA22999] XMPlay Playlist Parsing Buffer Overflow Vulnerability
[SA23068] SoftAcid Link Exchange Lite "url" and "psearch" SQL
Injection
[SA23067] CreaDirectory Cross-Site Scripting and SQL Injection
[SA23063] JiRo's Link Manager Script Insertion and SQL Injection
[SA23050] Enthrallweb eClassifieds Multiple SQL Injection
Vulnerabilities
[SA23036] NetGear MA521 Wireless Driver Long Rates Memory Corruption
[SA23017] BestWebApp Dating Site Cross-Site Scripting and SQL
Injection
[SA23016] Enthrallweb eHomes Cross-Site Scripting and SQL Injection
[SA23004] Turbo Searcher arj.dll Buffer Overflow Vulnerability
[SA22987] Classified System 2004 Multiple Vulnerabilities
[SA22986] Kerio WinRoute Firewall DNS Response Denial of Service
[SA22985] Rapid Classified Cross-Site Scripting and SQL Injection
[SA22981] Active News Manager "query" SQL Injection Vulnerability
[SA22975] E-commerce Kit-1 PayPal Edition Multiple SQL Injection
[SA22974] 20/20 Auto Gallery SQL Injection Vulnerabilities
[SA22962] NetGear WG111v2 Wireless Driver Beacon Request Buffer
Overflow
[SA22955] Enthrallweb eShopping Cart Multiple SQL Injection
[SA22954] CandyPress Store "policy" and "brand" SQL Injection
[SA22946] ASPCart Multiple SQL Injection Vulnerabilities
[SA22943] BaalASP Smart Form Portal Software Multiple Vulnerabilities
[SA23060] CA BrightStor ARCserve Backup Buffer Overflow Vulnerability
[SA23027] Novell Client NWSPOOL.DLL Unspecified Buffer Overflow
Vulnerability
[SA23053] VMware VirtualCenter Client SSL Verification Security Issue
[SA23030] Conti FTPServer Two Vulnerabilities
[SA22952] i-Gallery "d" and "Search Gallery" Cross-Site Scripting
[SA22938] Sybase PowerBuilder RSA Signature Forgery
[SA22937] Sybase mFolio RSA Signature Forgery
[SA22936] Sybase Mach Desktop RSA Signature Forgery
[SA22968] TFTPD32 GET/PUT Denial of Service Vulnerability
[SA22972] CA Personal Firewall HIPS Drivers Privilege Escalation

UNIX/Linux:
[SA23031] Oliver "conf[motdfile]" File Inclusion Vulnerability
[SA23012] Apple Mac OS X UDIF Memory Corruption Vulnerability
[SA23010] Debian update for xine-lib
[SA23009] Ubuntu update for firefox
[SA23001] phpWebThings "editor_insert_bottom" File Inclusion
Vulnerability
[SA22989] PHPQuickGallery "textFile" File Inclusion Vulnerability
[SA22980] SUSE update for MozillaFirefox, MozillaThunderbird, and
seamonkey
[SA22976] SUSE update for pdns
[SA22967] chetcpasswd Multiple Vulnerabilities
[SA22958] Mandriva update for doxygen
[SA22957] Mandriva update for chromium
[SA23055] aBitWhizzy "f" Directory Traversal Vulnerability
[SA23049] Rialto Cross-Site Scripting and SQL Injection
Vulnerabilities
[SA23045] CuteNews Script Insertion and Cross Site Scripting
Vulnerabilities
[SA23044] Sun Solaris Gimp XCF Parsing Buffer Overflow Vulnerability
[SA23019] Gentoo update for qmailadmin
[SA23018] Mandriva update for gv
[SA23013] Ubuntu update for mozilla-thunderbird
[SA23007] Dovecot Cache File Off-By-One Vulnerability
[SA23006] Debian update for gv
[SA22998] Debian update for imagemagick
[SA22996] Ubuntu update for OpenLDAP
[SA22995] Gentoo update for texinfo
[SA22979] SUSE update for asterisk
[SA22978] IBM OS/400 osp-cert ASN.1 Vulnerabilities
[SA22973] PHP Upload Tool File Upload And Directory Traversal
[SA22966] Powies PSCRIPT pMM "edit" SQL Injection Vulnerability
[SA22964] PSCRIPT Forum "id" SQL Injection Vulnerability
[SA22960] DoSePa "file" Directory Traversal Vulnerability
[SA22953] Mandriva update for openldap
[SA22948] Mandriva update for bind
[SA22944] Helix DNA Server Unspecified Buffer Overflow Vulnerability
[SA22942] Gentoo update for wordpress
[SA23022] Mandriva update for links
[SA23069] Debian update for proftpd
[SA23040] Gentoo update for ruby
[SA23039] Gentoo update for tikiwiki
[SA23000] Mandriva update for proftpd
[SA22988] my little weblog "action" Cross-Site Scripting
[SA22956] Mandriva update for libpng
[SA22951] Ubuntu update for libpng
[SA22950] Trustix update for libpng
[SA22941] Gentoo update for libpng
[SA23042] Gentoo update for avahi
[SA23035] Kile Backup File Insecure File Permissions
[SA23033] Mandriva update for xorg-x11
[SA23020] Mandriva update for avahi
[SA23008] Debian update for flexbackup
[SA22993] OpenBSD ELF ld.so Environment Cleaning Vulnerability
[SA22982] Apple Remote Desktop Insecure Default Package Permissions
[SA23062] Apple Mac OS X UDTO HFS+ Denial of Service Vulnerability
[SA22994] Wabbit PHP Gallery Script "dir" Directory Traversal
[SA22990] mAlbum "gal" Directory Traversal Vulnerability
[SA23034] Fedora Core minix File System Denial of Service
Vulnerability
[SA22961] FVWM "evalFolderLine()" Local Command Injection

Other:
[SA23038] IBM HMC OpenSSH / OpenSSL Vulnerabilities
[SA22965] Avaya Messaging Storage Server Firefox Multiple
Vulnerabilities
[SA22945] Avaya Products Linux Kernel Multiple Vulnerabilities
[SA22992] Avaya CMS Sun Solaris X Display Manager Security Issue

Cross Platform:
[SA23059] e-Ark "cfg_pear_path" File Inclusion Vulnerability
[SA23037] Photo Cart "admin_folder" and "path" File Inclusion
[SA23002] PHP Easy Download "file_info/admin/save.php" PHP Code
Execution
[SA22977] Fuzzball MUCK MPI Buffer Overflow Vulnerabilities
[SA22963] WORK system e-commerce "g_include" File Inclusion
Vulnerabilities
[SA22947] Comdev One Admin Pro "path[docroot]" and "path[skin]" File
Inclusion
[SA23065] GrimBB Unspecified Script Insertion Vulnerabilities
[SA23054] Seditio "id" SQL Injection Vulnerability
[SA23028] IBM WebSphere Application Server Multiple Vulnerabilities
[SA23026] Vikingboard Script Insertion and Local File Inclusion
[SA23023] mod_auth_kerb "der_get_oid()" Off-By-One Vulnerability
[SA23005] ContentNow "pageid" SQL Injection Vulnerability
[SA22983] PostNuke "error.php" Local File Inclusion
[SA22970] Hot Links SQL "dlback.php" / "dlback.cgi" Information
Disclosure
[SA23046] Firefox Password Manager Information Disclosure
[SA23025] BLOG:CMS "FADDR" Cross-Site Scripting Vulnerability
[SA23021] Travelsized CMS index.php Cross-Site Scripting
Vulnerabilities
[SA23011] vBulletin "prefs" / "navprefs" Cross-Site Scripting
Vulnerabilities
[SA22984] cPanel "dns" Cross-Site Scripting Vulnerability
[SA22969] phpMyAdmin Script Insertion and IP Address Check Bypass
[SA22949] Sybase Enterprise Portal RSA Signature Forgery
[SA22940] Sybase Unwired Accelerator RSA Signature Forgery
[SA22939] Sybase RFID Enterprise RSA Signature Forgery
[SA22935] Sybase EAServer RSA Signature Forgery
[SA22934] Sybase Afaria RSA Signature Forgery

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA23047] MailEnable IMAP Service Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-23

A vulnerability has been reported in MailEnable IMAP service, which can
be exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23047/

 --

[SA23003] Acer LunchApp.APlunch ActiveX Control "Run" Insecure Method

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Tan Chew Keong has reported a vulnerability in LunchApp.APlunch ActiveX
Control, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/23003/

 --

[SA22999] XMPlay Playlist Parsing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-21

Greg Linares has discovered a vulnerability in XMPlay, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22999/

 --

[SA23068] SoftAcid Link Exchange Lite "url" and "psearch" SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
SoftAcid Link Exchange Lite, which can be exploited by malicious people
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23068/

 --

[SA23067] CreaDirectory Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
CreaDirectory, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23067/

 --

[SA23063] JiRo's Link Manager Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
JiRo's Link Manager, which can be exploited by malicious people to
conduct script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23063/

 --

[SA23050] Enthrallweb eClassifieds Multiple SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Enthrallweb eClassifieds, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23050/

 --

[SA23036] NetGear MA521 Wireless Driver Long Rates Memory Corruption

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Laurent Butti has reported a vulnerability in NetGear MA521 Wireless
driver, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/23036/

 --

[SA23017] BestWebApp Dating Site Cross-Site Scripting and SQL
Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
BestWebApp Dating Site, which can be exploited by malicious people to
conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23017/

 --

[SA23016] Enthrallweb eHomes Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Enthrallweb eHomes, which can be exploited by malicious people to
conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23016/

 --

[SA23004] Turbo Searcher arj.dll Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Tan Chew Keong has reported a vulnerability in Turbo Searcher, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23004/

 --

[SA22987] Classified System 2004 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Classified System 2004, which can be exploited by malicious people to
conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22987/

 --

[SA22986] Kerio WinRoute Firewall DNS Response Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

A vulnerability has been reported in Kerio WinRoute Firewall, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22986/

 --

[SA22985] Rapid Classified Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Rapid Classified, which can be exploited by malicious people to conduct
cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22985/

 --

[SA22981] Active News Manager "query" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported a vulnerability in
Active News Manager, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22981/

 --

[SA22975] E-commerce Kit-1 PayPal Edition Multiple SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
E-commerce Kit-1 PayPal Edition, which can be exploited by malicious
people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22975/

 --

[SA22974] 20/20 Auto Gallery SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
20/20 Auto Gallery, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22974/

 --

[SA22962] NetGear WG111v2 Wireless Driver Beacon Request Buffer
Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-17

A vulnerability has been reported in NetGear WG111v2 wireless driver,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/22962/

 --

[SA22955] Enthrallweb eShopping Cart Multiple SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Enthrallweb eShopping Cart, which can be exploited by malicious people
to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22955/

 --

[SA22954] CandyPress Store "policy" and "brand" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
CandyPress Store, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22954/

 --

[SA22946] ASPCart Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
ASPCart, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/22946/

 --

[SA22943] BaalASP Smart Form Portal Software Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
BaalASP Smart Form Portal Software, which can be exploited by malicious
people to conduct SQL injection and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/22943/

 --

[SA23060] CA BrightStor ARCserve Backup Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-11-22

LSsecurity has reported a vulnerability in BrightStor ARCserve Backup,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/23060/

 --

[SA23027] Novell Client NWSPOOL.DLL Unspecified Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown
Released:    2006-11-21

A vulnerability with an unknown impact has been reported in Novell
Client.

Full Advisory:
http://secunia.com/advisories/23027/

 --

[SA23053] VMware VirtualCenter Client SSL Verification Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2006-11-22

A security issue has been reported in VMware VirtualCenter, which can
be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/23053/

 --

[SA23030] Conti FTPServer Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-11-20

Greg Linares has discovered two vulnerabilities in Conti FTPServer,
which can be exploited by malicious users to enumerate files on an
affected system and disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/23030/

 --

[SA22952] i-Gallery "d" and "Search Gallery" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-17

Aria-Security Team has reported some vulnerabilities in i-Gallery,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/22952/

 --

[SA22938] Sybase PowerBuilder RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in PowerBuilder, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22938/

 --

[SA22937] Sybase mFolio RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in mFolio, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22937/

 --

[SA22936] Sybase Mach Desktop RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Mach Desktop, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22936/

 --

[SA22968] TFTPD32 GET/PUT Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-11-20

liuqx has discovered a vulnerability in TFTPD32, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22968/

 --

[SA22972] CA Personal Firewall HIPS Drivers Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-17

Rubén Santamarta has reported some vulnerabilities in CA Personal
Firewall, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/22972/


UNIX/Linux:--

[SA23031] Oliver "conf[motdfile]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2006-11-20

Drago84 has discovered a vulnerability in Oliver, which can be
exploited by malicious people to disclose sensitive information and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23031/

 --

[SA23012] Apple Mac OS X UDIF Memory Corruption Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2006-11-21

LMH has reported a vulnerability in Mac OS X, which potentially can be
exploited by malicious, local users to gain escalated privileges or by
malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23012/

 --

[SA23010] Debian update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-21

Debian has issued an update for xine-lib. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23010/

 --

[SA23009] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-22

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23009/

 --

[SA23001] phpWebThings "editor_insert_bottom" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

nuffsaid has discovered a vulnerability in phpWebThings, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23001/

 --

[SA22989] PHPQuickGallery "textFile" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Al7ejaz Hacker has discovered a vulnerability in PHPQuickGallery, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22989/

 --

[SA22980] SUSE update for MozillaFirefox, MozillaThunderbird, and
seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-17

SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and
seamonkey. This fixes some vulnerabilities, which can be exploited by
malicious people to bypass certain security restrictions, conduct
cross-site scripting attacks, and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22980/

 --

[SA22976] SUSE update for pdns

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

SUSE has issued an update for pdns. This fixes two vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22976/

 --

[SA22967] chetcpasswd Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, System
access
Released:    2006-11-21

Some vulnerabilities have been discovered in chetcpasswd, which can be
exploited by malicious people to bypass security restrictions, identify
valid user accounts and potentially compromise vulnerable systems.

Full Advisory:
http://secunia.com/advisories/22967/

 --

[SA22958] Mandriva update for doxygen

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

Mandriva has issued an update for doxygen. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22958/

 --

[SA22957] Mandriva update for chromium

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

Mandriva has issued an update for chromium. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22957/

 --

[SA23055] aBitWhizzy "f" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have discovered a vulnerability in
aBitWhizzy, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/23055/

 --

[SA23049] Rialto Cross-Site Scripting and SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Rialto, which can be exploited by malicious people to conduct cross-site
scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23049/

 --

[SA23045] CuteNews Script Insertion and Cross Site Scripting
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-22

trueend5 has discovered some vulnerabilities in CuteNews, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23045/

 --

[SA23044] Sun Solaris Gimp XCF Parsing Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-21

Sun Microsystems has acknowledged a vulnerability in Solaris, which can
be exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23044/

 --

[SA23019] Gentoo update for qmailadmin

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

Gentoo has issued an update for qmailadmin. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/23019/

 --

[SA23018] Mandriva update for gv

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-20

Mandriva has issued an update for gv. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23018/

 --

[SA23013] Ubuntu update for mozilla-thunderbird

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-22

Ubuntu has issued an update for mozilla-thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions, conduct cross-site scripting attacks,
and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23013/

 --

[SA23007] Dovecot Cache File Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-20

A vulnerability has been reported in Dovecot, which can be exploited by
malicious users to cause a DoS (Denial of Service) or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23007/

 --

[SA23006] Debian update for gv

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-21

Debian has issued an update for gv. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23006/

 --

[SA22998] Debian update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-20

Debian has issued an update for imagemagick. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22998/

 --

[SA22996] Ubuntu update for OpenLDAP

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

Ubuntu has issued an update for OpenLDAP. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22996/

 --

[SA22995] Gentoo update for texinfo

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-22

Gentoo has issued an update for texinfo. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22995/

 --

[SA22979] SUSE update for asterisk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

SUSE has issued an update for asterisk. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22979/

 --

[SA22978] IBM OS/400 osp-cert ASN.1 Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-11-20

Some vulnerabilities with unknown impacts have been reported in
OS/400.

Full Advisory:
http://secunia.com/advisories/22978/

 --

[SA22973] PHP Upload Tool File Upload And Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2006-11-17

Some vulnerabilities have been discovered in PHP Upload Tool, which can
be exploited by malicious users to gain system access or by malicious
people to expose sensitive information.

Full Advisory:
http://secunia.com/advisories/22973/

 --

[SA22966] Powies PSCRIPT pMM "edit" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

SHiKaA has reported a vulnerability in Powies PSCRIPT pMM, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22966/

 --

[SA22964] PSCRIPT Forum "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

SHiKaA has reported a vulnerability in Powies PSCRIPT Forum, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22964/

 --

[SA22960] DoSePa "file" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2006-11-20

Craig Heffner has discovered a vulnerability in DoSePa, which can be
exploited by malicious people to expose sensitive information.

Full Advisory:
http://secunia.com/advisories/22960/

 --

[SA22953] Mandriva update for openldap

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Mandriva has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22953/

 --

[SA22948] Mandriva update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-11-20

Mandriva has issued an update for bind. This fixes some
vulnerabilities, which can be exploited by malicious people to bypass
certain security restrictions or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22948/

 --

[SA22944] Helix DNA Server Unspecified Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

GLEG has reported a vulnerability in Helix DNA Server, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/22944/

 --

[SA22942] Gentoo update for wordpress

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2006-11-20

Gentoo has issued an update for wordpress. This fixes some
vulnerabilities, which can be exploited by malicious users to gain
knowledge of potentially sensitive information or cause a DoS (Denial
of Service), and by malicious people to gain knowledge of sensitive
information.

Full Advisory:
http://secunia.com/advisories/22942/

 --

[SA23022] Mandriva update for links

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information
Released:    2006-11-21

Mandriva has issued an update for links. This fixes a vulnerability,
which can be exploited by malicious people to expose sensitive
information and manipulate data.

Full Advisory:
http://secunia.com/advisories/23022/

 --

[SA23069] Debian update for proftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

Debian has issued an update for proftpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/23069/

 --

[SA23040] Gentoo update for ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

Gentoo has issued an update for ruby. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/23040/

 --

[SA23039] Gentoo update for tikiwiki

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-11-21

Gentoo has issued an update for tikiwiki. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
certain sensitive information or conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23039/

 --

[SA23000] Mandriva update for proftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

Mandriva has issued an update for proftpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/23000/

 --

[SA22988] my little weblog "action" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-21

the_Edit0r has discovered a vulnerability in my little weblog, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/22988/

 --

[SA22956] Mandriva update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-17

Mandriva has issued an update for libpng. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22956/

 --

[SA22951] Ubuntu update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Ubuntu has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22951/

 --

[SA22950] Trustix update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Trustix has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22950/

 --

[SA22941] Gentoo update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Gentoo has issued an update for libpng. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/22941/

 --

[SA23042] Gentoo update for avahi

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-21

Gentoo has issued an update for avahi. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/23042/

 --

[SA23035] Kile Backup File Insecure File Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-11-20

A security issue has been reported in Kile, which can be exploited by
malicious, local users to gain knowledge of certain information.

Full Advisory:
http://secunia.com/advisories/23035/

 --

[SA23033] Mandriva update for xorg-x11

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-20

Mandriva has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/23033/

 --

[SA23020] Mandriva update for avahi

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-21

Mandriva has issued an update for avahi. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/23020/

 --

[SA23008] Debian update for flexbackup

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-21

Debian has issued an update for flexbackup. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.

Full Advisory:
http://secunia.com/advisories/23008/

 --

[SA22993] OpenBSD ELF ld.so Environment Cleaning Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-20

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious, local users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22993/

 --

[SA22982] Apple Remote Desktop Insecure Default Package Permissions

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-17

A security issue has been reported in Apple Remote Desktop, which can
be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22982/

 --

[SA23062] Apple Mac OS X UDTO HFS+ Denial of Service Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

LMH has reported a vulnerability in Mac OS X, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23062/

 --

[SA22994] Wabbit PHP Gallery Script "dir" Directory Traversal

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-11-21

the_Edit0r has discovered a vulnerability in Wabbit PHP Gallery Script,
which can be exploited by malicious people to disclose system
information.

Full Advisory:
http://secunia.com/advisories/22994/

 --

[SA22990] mAlbum "gal" Directory Traversal Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-21

Tux25 has discovered a vulnerability in mAlbum, which can be exploited
by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22990/

 --

[SA23034] Fedora Core minix File System Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-20

LMH has reported a vulnerability in Fedora Core, which can be exploited
by malicious, local users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23034/

 --

[SA22961] FVWM "evalFolderLine()" Local Command Injection

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-21

Tavis Ormandy has reported a security issue in FVWM, which can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22961/


Other:--

[SA23038] IBM HMC OpenSSH / OpenSSL Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-22

IBM has acknowledged some vulnerabilities in HMC, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23038/

 --

[SA22965] Avaya Messaging Storage Server Firefox Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-17

Avaya has acknowledged some vulnerabilities in Firefox, included in
Avaya Messaging Storage Server, which can be exploited by malicious
people to bypass certain security restrictions, conduct cross-site
scripting attacks, or potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22965/

 --

[SA22945] Avaya Products Linux Kernel Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2006-11-17

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious, local users to bypass certain
security restrictions, expose potentially sensitive information, or to
cause a DoS (Denial of Service), and by malicious people to cause a
DoS.

Full Advisory:
http://secunia.com/advisories/22945/

 --

[SA22992] Avaya CMS Sun Solaris X Display Manager Security Issue

Critical:    Not critical
Where:       Local system
Impact:      Exposure of system information
Released:    2006-11-20

Avaya has acknowledged a security issue in CMS, which can be exploited
by malicious, local users to gain access to system information.

Full Advisory:
http://secunia.com/advisories/22992/


Cross Platform:--

[SA23059] e-Ark "cfg_pear_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-22

DeltahackingTEAM has discovered a vulnerability in e-Ark, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23059/

 --

[SA23037] Photo Cart "admin_folder" and "path" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-22

irvian has reported two vulnerabilities in Photo Cart, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23037/

 --

[SA23002] PHP Easy Download "file_info/admin/save.php" PHP Code
Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

nuffsaid has discovered a vulnerability in PHP Easy Download, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23002/

 --

[SA22977] Fuzzball MUCK MPI Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2006-11-21

Some vulnerabilities have been reported in Fuzzball MUCK, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22977/

 --

[SA22963] WORK system e-commerce "g_include" File Inclusion
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-17

SlimTim10 has reported some vulnerabilities in WORK system e-commerce,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22963/

 --

[SA22947] Comdev One Admin Pro "path[docroot]" and "path[skin]" File
Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-17

AG-Spider has reported some vulnerabilities in Comdev One Admin Pro,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/22947/

 --

[SA23065] GrimBB Unspecified Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-22

Some vulnerabilities have been reported in GrimBB, which can be
exploited by malicious users to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/23065/

 --

[SA23054] Seditio "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-22

Mustafa Can Bjorn Ipekci has reported a vulnerability in Seditio, which
can be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23054/

 --

[SA23028] IBM WebSphere Application Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, DoS, System access
Released:    2006-11-20

Some vulnerabilities have been reported in IBM WebSphere Application
Server, where some have unknown impacts and others can be exploited by
malicious users to bypass certain security restrictions, and by
malicious people to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23028/

 --

[SA23026] Vikingboard Script Insertion and Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Vikingboard, which can be exploited by malicious users to disclose
certain sensitive information and conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/23026/

 --

[SA23023] mod_auth_kerb "der_get_oid()" Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

A vulnerability has been reported in the mod_auth_kerb module for
Apache, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/23023/

 --

[SA23005] ContentNow "pageid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-22

Revenge has discovered a vulnerability in ContentNow, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23005/

 --

[SA22983] PostNuke "error.php" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-21

A vulnerability has been reported in PostNuke, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22983/

 --

[SA22970] Hot Links SQL "dlback.php" / "dlback.cgi" Information
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-17

hack2prison has reported a vulnerability in Hot Links SQL, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/22970/

 --

[SA23046] Firefox Password Manager Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-22

Robert Chapin has discovered a vulnerability in Firefox, which can be
exploited by malicious people to conduct phishing attacks.

Full Advisory:
http://secunia.com/advisories/23046/

 --

[SA23025] BLOG:CMS "FADDR" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-20

katatafish has discovered a vulnerability in BLOG:CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23025/

 --

[SA23021] Travelsized CMS index.php Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-20

David Vieira-Kurz has discovered some vulnerabilities in Travelsized
CMS, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/23021/

 --

[SA23011] vBulletin "prefs" / "navprefs" Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-20

insanity has reported two vulnerabilities in vBulletin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23011/

 --

[SA22984] cPanel "dns" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-22

Aria-Security has reported a vulnerability in cPanel, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22984/

 --

[SA22969] phpMyAdmin Script Insertion and IP Address Check Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-11-17

Some vulnerabilities have been discovered in phpMyAdmin, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to bypass security restrictions.

Full Advisory:
http://secunia.com/advisories/22969/

 --

[SA22949] Sybase Enterprise Portal RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase Enterprise Portal,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22949/

 --

[SA22940] Sybase Unwired Accelerator RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase Unwired Accelerator,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22940/

 --

[SA22939] Sybase RFID Enterprise RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase RFID Enterprise,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22939/

 --

[SA22935] Sybase EAServer RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase EAServer, which can
be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/22935/

 --

[SA22934] Sybase Afaria RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Afaria, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22934/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45




_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Thu Nov 23 2006 - 22:44:43 PST