========================================================================

                  The Secunia Weekly Advisory Summary
                      2006-11-16 - 2006-11-23

                       This week: 116 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3.............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

We are proud to announce the availability of the Secunia "Security Watchdog" Blog.

The Secunia "Security Watchdog" Blog is used to communicate our opinions about vulnerabilities, security, ethics, and our responses to articles, research papers, and other blog entries regarding Secunia and vulnerabilities.

To get the facts about vulnerabilities read our Secunia advisories.
To get our opinions read the Secunia "Security Watchdog" Blog.

The Blog:
http://secunia.com/blog/

Subscribe to the RSS Feed:
http://secunia.com/blog_rss/o.rss

========================================================================
2) This Week in Brief:

LMH has reported a vulnerability in Mac OS X, which potentially can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system.

Currently, no solution is available from the vendor. Please see the referenced Secunia advisory for an alternative workaround.

Reference:
http://secunia.com/SA23012

--

A vulnerability has been discovered in Firefox, which can be exploited by malicious people to conduct phishing attacks.

The vulnerability is caused by the Password Manager not properly checking the URL before automatically filling saved user credentials into forms. This may be exploited to steal user credentials via malicious forms in the same domain.

Reference:
http://secunia.com/SA23046

--

A vulnerability has been reported in MailEnable IMAP service, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

For more information please see the referenced Secunia advisory.

Reference:
http://secunia.com/SA23047

--

VIRUS ALERTS:

During the past week Secunia collected 197 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA23012] Apple Mac OS X UDIF Memory Corruption Vulnerability
2.  [SA21910] Internet Explorer Multiple Vulnerabilities
3.  [SA22477] Internet Explorer 7 "mhtml:" Redirection Information Disclosure
4.  [SA22891] WinZip FileView ActiveX Control Multiple Vulnerabilities
5.  [SA22687] Microsoft XMLHTTP ActiveX Control Code Execution Vulnerability
6.  [SA23046] Firefox Password Manager Information Disclosure
7.  [SA22939] Sybase RFID Enterprise RSA Signature Forgery
8.  [SA22934] Sybase Afaria RSA Signature Forgery
9.  [SA22938] Sybase PowerBuilder RSA Signature Forgery
10. [SA22937] Sybase mFolio RSA Signature Forgery

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA23047] MailEnable IMAP Service Buffer Overflow Vulnerability
[SA23003] Acer LunchApp.APlunch ActiveX Control "Run" Insecure Method
[SA22999] XMPlay Playlist Parsing Buffer Overflow Vulnerability
[SA23068] SoftAcid Link Exchange Lite "url" and "psearch" SQL Injection
[SA23067] CreaDirectory Cross-Site Scripting and SQL Injection
[SA23063] JiRo's Link Manager Script Insertion and SQL Injection
[SA23050] Enthrallweb eClassifieds Multiple SQL Injection Vulnerabilities
[SA23036] NetGear MA521 Wireless Driver Long Rates Memory Corruption
[SA23017] BestWebApp Dating Site Cross-Site Scripting and SQL Injection
[SA23016] Enthrallweb eHomes Cross-Site Scripting and SQL Injection
[SA23004] Turbo Searcher arj.dll Buffer Overflow Vulnerability
[SA22987] Classified System 2004 Multiple Vulnerabilities
[SA22986] Kerio WinRoute Firewall DNS Response Denial of Service
[SA22985] Rapid Classified Cross-Site Scripting and SQL Injection
[SA22981] Active News Manager "query" SQL Injection Vulnerability
[SA22975] E-commerce Kit-1 PayPal Edition Multiple SQL Injection
[SA22974] 20/20 Auto Gallery SQL Injection Vulnerabilities
[SA22962] NetGear WG111v2 Wireless Driver Beacon Request Buffer Overflow
[SA22955] Enthrallweb eShopping Cart Multiple SQL Injection
[SA22954] CandyPress Store "policy" and "brand" SQL Injection
[SA22946] ASPCart Multiple SQL Injection Vulnerabilities
[SA22943] BaalASP Smart Form Portal Software Multiple Vulnerabilities
[SA23060] CA BrightStor ARCserve Backup Buffer Overflow Vulnerability
[SA23027] Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability
[SA23053] VMware VirtualCenter Client SSL Verification Security Issue
[SA23030] Conti FTPServer Two Vulnerabilities
[SA22952] i-Gallery "d" and "Search Gallery" Cross-Site Scripting
[SA22938] Sybase PowerBuilder RSA Signature Forgery
[SA22937] Sybase mFolio RSA Signature Forgery
[SA22936] Sybase Mach Desktop RSA Signature Forgery
[SA22968] TFTPD32 GET/PUT Denial of Service Vulnerability
[SA22972] CA Personal Firewall HIPS Drivers Privilege Escalation

UNIX/Linux:
[SA23031] Oliver "conf[motdfile]" File Inclusion Vulnerability
[SA23012] Apple Mac OS X UDIF Memory Corruption Vulnerability
[SA23010] Debian update for xine-lib
[SA23009] Ubuntu update for firefox
[SA23001] phpWebThings "editor_insert_bottom" File Inclusion Vulnerability
[SA22989] PHPQuickGallery "textFile" File Inclusion Vulnerability
[SA22980] SUSE update for MozillaFirefox, MozillaThunderbird, and seamonkey
[SA22976] SUSE update for pdns
[SA22967] chetcpasswd Multiple Vulnerabilities
[SA22958] Mandriva update for doxygen
[SA22957] Mandriva update for chromium
[SA23055] aBitWhizzy "f" Directory Traversal Vulnerability
[SA23049] Rialto Cross-Site Scripting and SQL Injection Vulnerabilities
[SA23045] CuteNews Script Insertion and Cross Site Scripting Vulnerabilities
[SA23044] Sun Solaris Gimp XCF Parsing Buffer Overflow Vulnerability
[SA23019] Gentoo update for qmailadmin
[SA23018] Mandriva update for gv
[SA23013] Ubuntu update for mozilla-thunderbird
[SA23007] Dovecot Cache File Off-By-One Vulnerability
[SA23006] Debian update for gv
[SA22998] Debian update for imagemagick
[SA22996] Ubuntu update for OpenLDAP
[SA22995] Gentoo update for texinfo
[SA22979] SUSE update for asterisk
[SA22978] IBM OS/400 osp-cert ASN.1 Vulnerabilities
[SA22973] PHP Upload Tool File Upload And Directory Traversal
[SA22966] Powies PSCRIPT pMM "edit" SQL Injection Vulnerability
[SA22964] PSCRIPT Forum "id" SQL Injection Vulnerability
[SA22960] DoSePa "file" Directory Traversal Vulnerability
[SA22953] Mandriva update for openldap
[SA22948] Mandriva update for bind
[SA22944] Helix DNA Server Unspecified Buffer Overflow Vulnerability
[SA22942] Gentoo update for wordpress
[SA23022] Mandriva update for links
[SA23069] Debian update for proftpd
[SA23040] Gentoo update for ruby
[SA23039] Gentoo update for tikiwiki
[SA23000] Mandriva update for proftpd
[SA22988] my little weblog "action" Cross-Site Scripting
[SA22956] Mandriva update for libpng
[SA22951] Ubuntu update for libpng
[SA22950] Trustix update for libpng
[SA22941] Gentoo update for libpng
[SA23042] Gentoo update for avahi
[SA23035] Kile Backup File Insecure File Permissions
[SA23033] Mandriva update for xorg-x11
[SA23020] Mandriva update for avahi
[SA23008] Debian update for flexbackup
[SA22993] OpenBSD ELF ld.so Environment Cleaning Vulnerability
[SA22982] Apple Remote Desktop Insecure Default Package Permissions
[SA23062] Apple Mac OS X UDTO HFS+ Denial of Service Vulnerability
[SA22994] Wabbit PHP Gallery Script "dir" Directory Traversal
[SA22990] mAlbum "gal" Directory Traversal Vulnerability
[SA23034] Fedora Core minix File System Denial of Service Vulnerability
[SA22961] FVWM "evalFolderLine()" Local Command Injection

Other:
[SA23038] IBM HMC OpenSSH / OpenSSL Vulnerabilities
[SA22965] Avaya Messaging Storage Server Firefox Multiple Vulnerabilities
[SA22945] Avaya Products Linux Kernel Multiple Vulnerabilities
[SA22992] Avaya CMS Sun Solaris X Display Manager Security Issue

Cross Platform:
[SA23059] e-Ark "cfg_pear_path" File Inclusion Vulnerability
[SA23037] Photo Cart "admin_folder" and "path" File Inclusion
[SA23002] PHP Easy Download "file_info/admin/save.php" PHP Code Execution
[SA22977] Fuzzball MUCK MPI Buffer Overflow Vulnerabilities
[SA22963] WORK system e-commerce "g_include" File Inclusion Vulnerabilities
[SA22947] Comdev One Admin Pro "path[docroot]" and "path[skin]" File Inclusion
[SA23065] GrimBB Unspecified Script Insertion Vulnerabilities
[SA23054] Seditio "id" SQL Injection Vulnerability
[SA23028] IBM WebSphere Application Server Multiple Vulnerabilities
[SA23026] Vikingboard Script Insertion and Local File Inclusion
[SA23023] mod_auth_kerb "der_get_oid()" Off-By-One Vulnerability
[SA23005] ContentNow "pageid" SQL Injection Vulnerability
[SA22983] PostNuke "error.php" Local File Inclusion
[SA22970] Hot Links SQL "dlback.php" / "dlback.cgi" Information Disclosure
[SA23046] Firefox Password Manager Information Disclosure
[SA23025] BLOG:CMS "FADDR" Cross-Site Scripting Vulnerability
[SA23021] Travelsized CMS index.php Cross-Site Scripting Vulnerabilities
[SA23011] vBulletin "prefs" / "navprefs" Cross-Site Scripting Vulnerabilities
[SA22984] cPanel "dns" Cross-Site Scripting Vulnerability
[SA22969] phpMyAdmin Script Insertion and IP Address Check Bypass
[SA22949] Sybase Enterprise Portal RSA Signature Forgery
[SA22940] Sybase Unwired Accelerator RSA Signature Forgery
[SA22939] Sybase RFID Enterprise RSA Signature Forgery
[SA22935] Sybase EAServer RSA Signature Forgery
[SA22934] Sybase Afaria RSA Signature Forgery

========================================================================
5) Vulnerabilities Content Listing

Windows:
--

[SA23047] MailEnable IMAP Service Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-23

A vulnerability has been reported in MailEnable IMAP service, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23047/

--

[SA23003] Acer LunchApp.APlunch ActiveX Control "Run" Insecure Method

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Tan Chew Keong has reported a vulnerability in LunchApp.APlunch ActiveX Control, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23003/

--

[SA22999] XMPlay Playlist Parsing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-21

Greg Linares has discovered a vulnerability in XMPlay, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/22999/

--

[SA23068] SoftAcid Link Exchange Lite "url" and "psearch" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in SoftAcid Link Exchange Lite, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23068/

--

[SA23067] CreaDirectory Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in CreaDirectory, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23067/

--

[SA23063] JiRo's Link Manager Script Insertion and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in JiRo's Link Manager, which can be exploited by malicious people to conduct script insertion and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23063/

--

[SA23050] Enthrallweb eClassifieds Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Enthrallweb eClassifieds, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/23050/

--

[SA23036] NetGear MA521 Wireless Driver Long Rates Memory Corruption

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Laurent Butti has reported a vulnerability in NetGear MA521 Wireless driver, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23036/

--

[SA23017] BestWebApp Dating Site Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in BestWebApp Dating Site, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23017/

--

[SA23016] Enthrallweb eHomes Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Enthrallweb eHomes, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23016/

--

[SA23004] Turbo Searcher arj.dll Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Tan Chew Keong has reported a vulnerability in Turbo Searcher, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23004/

--

[SA22987] Classified System 2004 Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Classified System 2004, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22987/

--

[SA22986] Kerio WinRoute Firewall DNS Response Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/22986/

--

[SA22985] Rapid Classified Cross-Site Scripting and SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Rapid Classified, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22985/

--

[SA22981] Active News Manager "query" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported a vulnerability in Active News Manager, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22981/

--

[SA22975] E-commerce Kit-1 PayPal Edition Multiple SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in E-commerce Kit-1 PayPal Edition, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/22975/

--

[SA22974] 20/20 Auto Gallery SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in 20/20 Auto Gallery, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22974/

--

[SA22962] NetGear WG111v2 Wireless Driver Beacon Request Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-11-17

A vulnerability has been reported in NetGear WG111v2 wireless driver, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/22962/

--

[SA22955] Enthrallweb eShopping Cart Multiple SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Enthrallweb eShopping Cart, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22955/

--

[SA22954] CandyPress Store "policy" and "brand" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in CandyPress Store, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/22954/

--

[SA22946] ASPCart Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in ASPCart, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/22946/

--

[SA22943] BaalASP Smart Form Portal Software Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-17

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in BaalASP Smart Form Portal Software, which can be exploited by malicious people to conduct SQL injection and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/22943/

--

[SA23060] CA BrightStor ARCserve Backup Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2006-11-22

LSsecurity has reported a vulnerability in BrightStor ARCserve Backup, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23060/

--

[SA23027] Novell Client NWSPOOL.DLL Unspecified Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      Unknown
Released:    2006-11-21

A vulnerability with an unknown impact has been reported in Novell Client.

Full Advisory:
http://secunia.com/advisories/23027/

--

[SA23053] VMware VirtualCenter Client SSL Verification Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2006-11-22

A security issue has been reported in VMware VirtualCenter, which can be exploited by malicious people to conduct spoofing attacks.

Full Advisory:
http://secunia.com/advisories/23053/

--

[SA23030] Conti FTPServer Two Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2006-11-20

Greg Linares has discovered two vulnerabilities in Conti FTPServer, which can be exploited by malicious users to enumerate files on an affected system and disclose potentially sensitive information.
Full Advisory:
http://secunia.com/advisories/23030/

--

[SA22952] i-Gallery "d" and "Search Gallery" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-17

Aria-Security Team have reported some vulnerabilities in i-Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/22952/

--

[SA22938] Sybase PowerBuilder RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in PowerBuilder, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22938/

--

[SA22937] Sybase mFolio RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in mFolio, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22937/

--

[SA22936] Sybase Mach Desktop RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Mach Desktop, which can be exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/22936/

--

[SA22968] TFTPD32 GET/PUT Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2006-11-20

liuqx has discovered a vulnerability in TFTPD32, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/22968/

--

[SA22972] CA Personal Firewall HIPS Drivers Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-17

Rubén Santamarta has reported some vulnerabilities in CA Personal Firewall, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/22972/

UNIX/Linux:
--

[SA23031] Oliver "conf[motdfile]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2006-11-20

Drago84 has discovered a vulnerability in Oliver, which can be exploited by malicious people to disclose sensitive information and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23031/

--

[SA23012] Apple Mac OS X UDIF Memory Corruption Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Privilege escalation, DoS, System access
Released:    2006-11-21

LMH has reported a vulnerability in Mac OS X, which potentially can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23012/

--

[SA23010] Debian update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-21

Debian has issued an update for xine-lib. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23010/

--

[SA23009] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-22

Ubuntu has issued an update for firefox.
This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23009/

--

[SA23001] phpWebThings "editor_insert_bottom" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

nuffsaid has discovered a vulnerability in phpWebThings, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23001/

--

[SA22989] PHPQuickGallery "textFile" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

Al7ejaz Hacker has discovered a vulnerability in PHPQuickGallery, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22989/

--

[SA22980] SUSE update for MozillaFirefox, MozillaThunderbird, and seamonkey

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-17

SUSE has issued an update for MozillaFirefox, MozillaThunderbird, and seamonkey. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22980/

--

[SA22976] SUSE update for pdns

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

SUSE has issued an update for pdns. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/22976/

--

[SA22967] chetcpasswd Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, System access
Released:    2006-11-21

Some vulnerabilities have been discovered in chetcpasswd, which can be exploited by malicious people to bypass security restrictions, identify valid user accounts and potentially compromise vulnerable systems.

Full Advisory:
http://secunia.com/advisories/22967/

--

[SA22958] Mandriva update for doxygen

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

Mandriva has issued an update for doxygen. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22958/

--

[SA22957] Mandriva update for chromium

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

Mandriva has issued an update for chromium. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22957/

--

[SA23055] aBitWhizzy "f" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2006-11-22

Laurent Gaffié and Benjamin Mossé have discovered a vulnerability in aBitWhizzy, which can be exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23055/

--

[SA23049] Rialto Cross-Site Scripting and SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2006-11-21

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in Rialto, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23049/

--

[SA23045] CuteNews Script Insertion and Cross Site Scripting Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-22

trueend5 has discovered some vulnerabilities in CuteNews, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/23045/

--

[SA23044] Sun Solaris Gimp XCF Parsing Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-21

Sun Microsystems has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23044/

--

[SA23019] Gentoo update for qmailadmin

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

Gentoo has issued an update for qmailadmin. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23019/

--

[SA23018] Mandriva update for gv

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-20

Mandriva has issued an update for gv. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23018/

--

[SA23013] Ubuntu update for mozilla-thunderbird

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-22

Ubuntu has issued an update for mozilla-thunderbird. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting attacks, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23013/

--

[SA23007] Dovecot Cache File Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-20

A vulnerability has been reported in Dovecot, which can be exploited by malicious users to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23007/

--

[SA23006] Debian update for gv

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-21

Debian has issued an update for gv. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23006/

--

[SA22998] Debian update for imagemagick

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-20

Debian has issued an update for imagemagick. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22998/

--

[SA22996] Ubuntu update for OpenLDAP

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

Ubuntu has issued an update for OpenLDAP. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/22996/

--

[SA22995] Gentoo update for texinfo

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-22

Gentoo has issued an update for texinfo. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22995/

--

[SA22979] SUSE update for asterisk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

SUSE has issued an update for asterisk. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/22979/

--

[SA22978] IBM OS/400 osp-cert ASN.1 Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown
Released:    2006-11-20

Some vulnerabilities with unknown impacts have been reported in OS/400.

Full Advisory:
http://secunia.com/advisories/22978/

--

[SA22973] PHP Upload Tool File Upload And Directory Traversal

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2006-11-17

Some vulnerabilities have been discovered in PHP Upload Tool, which can be exploited by malicious users to gain system access or by malicious people to expose sensitive information.

Full Advisory:
http://secunia.com/advisories/22973/

--

[SA22966] Powies PSCRIPT pMM "edit" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

SHiKaA has reported a vulnerability in Powies PSCRIPT pMM, which can be exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/22966/

--

[SA22964] PSCRIPT Forum "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-20

SHiKaA has reported a vulnerability in Powies PSCRIPT Forum, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/22964/

--

[SA22960] DoSePa "file" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2006-11-20

Craig Heffner has discovered a vulnerability in DoSePa, which can be
exploited by malicious people to expose sensitive information.

Full Advisory: http://secunia.com/advisories/22960/

--

[SA22953] Mandriva update for openldap

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Mandriva has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory: http://secunia.com/advisories/22953/

--

[SA22948] Mandriva update for bind

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2006-11-20

Mandriva has issued an update for bind. This fixes some vulnerabilities,
which can be exploited by malicious people to bypass certain security
restrictions or cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/22948/

--

[SA22944] Helix DNA Server Unspecified Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-17

GLEG has reported a vulnerability in Helix DNA Server, which potentially
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/22944/

--

[SA22942] Gentoo update for wordpress

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2006-11-20

Gentoo has issued an update for wordpress. This fixes some
vulnerabilities, which can be exploited by malicious users to gain
knowledge of potentially sensitive information or cause a DoS (Denial of
Service), and by malicious people to gain knowledge of sensitive
information.

Full Advisory: http://secunia.com/advisories/22942/

--

[SA23022] Mandriva update for links

Critical:    Moderately critical
Where:       From local network
Impact:      Manipulation of data, Exposure of system information,
             Exposure of sensitive information
Released:    2006-11-21

Mandriva has issued an update for links. This fixes a vulnerability, which
can be exploited by malicious people to expose sensitive information and
manipulate data.

Full Advisory: http://secunia.com/advisories/23022/

--

[SA23069] Debian update for proftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

Debian has issued an update for proftpd. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/23069/

--

[SA23040] Gentoo update for ruby

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

Gentoo has issued an update for ruby. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/23040/

--

[SA23039] Gentoo update for tikiwiki

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-11-21

Gentoo has issued an update for tikiwiki. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose certain sensitive
information or conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/23039/

--

[SA23000] Mandriva update for proftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

Mandriva has issued an update for proftpd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory: http://secunia.com/advisories/23000/

--

[SA22988] my little weblog "action" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-21

the_Edit0r has discovered a vulnerability in my little weblog, which can
be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/22988/

--

[SA22956] Mandriva update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-17

Mandriva has issued an update for libpng. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory: http://secunia.com/advisories/22956/

--

[SA22951] Ubuntu update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Ubuntu has issued an update for libpng. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/22951/

--

[SA22950] Trustix update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Trustix has issued an update for libpng. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/22950/

--

[SA22941] Gentoo update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-11-20

Gentoo has issued an update for libpng. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/22941/

--

[SA23042] Gentoo update for avahi

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-21

Gentoo has issued an update for avahi. This fixes a vulnerability, which
can be exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory: http://secunia.com/advisories/23042/

--

[SA23035] Kile Backup File Insecure File Permissions

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2006-11-20

A security issue has been reported in Kile, which can be exploited by
malicious, local users to gain knowledge of certain information.

Full Advisory: http://secunia.com/advisories/23035/

--

[SA23033] Mandriva update for xorg-x11

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-20

Mandriva has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory: http://secunia.com/advisories/23033/

--

[SA23020] Mandriva update for avahi

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-21

Mandriva has issued an update for avahi. This fixes a vulnerability, which
can be exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory: http://secunia.com/advisories/23020/

--

[SA23008] Debian update for flexbackup

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-21

Debian has issued an update for flexbackup. This fixes a vulnerability,
which can be exploited by malicious, local users to perform certain
actions on a vulnerable system with escalated privileges.
Full Advisory: http://secunia.com/advisories/23008/

--

[SA22993] OpenBSD ELF ld.so Environment Cleaning Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-20

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious, local users to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/22993/

--

[SA22982] Apple Remote Desktop Insecure Default Package Permissions

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2006-11-17

A security issue has been reported in Apple Remote Desktop, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/22982/

--

[SA23062] Apple Mac OS X UDTO HFS+ Denial of Service Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2006-11-22

LMH has reported a vulnerability in Mac OS X, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/23062/

--

[SA22994] Wabbit PHP Gallery Script "dir" Directory Traversal

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2006-11-21

the_Edit0r has discovered a vulnerability in Wabbit PHP Gallery Script,
which can be exploited by malicious people to disclose system information.

Full Advisory: http://secunia.com/advisories/22994/

--

[SA22990] mAlbum "gal" Directory Traversal Vulnerability

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-21

Tux25 has discovered a vulnerability in mAlbum, which can be exploited by
malicious users to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/22990/

--

[SA23034] Fedora Core minix File System Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2006-11-20

LMH has reported a vulnerability in Fedora Core, which can be exploited by
malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/23034/

--

[SA22961] FVWM "evalFolderLine()" Local Command Injection

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2006-11-21

Tavis Ormandy has reported a security issue in FVWM, which can be
exploited by malicious, local users to bypass certain security
restrictions.

Full Advisory: http://secunia.com/advisories/22961/

Other:--

[SA23038] IBM HMC OpenSSH / OpenSSL Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-11-22

IBM has acknowledged some vulnerabilities in HMC, which can be exploited
by malicious people to cause a DoS (Denial of Service) or to compromise a
vulnerable system.

Full Advisory: http://secunia.com/advisories/23038/

--

[SA22965] Avaya Messaging Storage Server Firefox Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2006-11-17

Avaya has acknowledged some vulnerabilities in Firefox, included in Avaya
Messaging Storage Server, which can be exploited by malicious people to
bypass certain security restrictions, conduct cross-site scripting
attacks, or potentially to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/22965/

--

[SA22945] Avaya Products Linux Kernel Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS
Released:    2006-11-17

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious, local users to bypass certain
security restrictions, expose potentially sensitive information, or to
cause a DoS (Denial of Service), and by malicious people to cause a DoS.

Full Advisory: http://secunia.com/advisories/22945/

--

[SA22992] Avaya CMS Sun Solaris X Display Manager Security Issue

Critical:    Not critical
Where:       Local system
Impact:      Exposure of system information
Released:    2006-11-20

Avaya has acknowledged a security issue in CMS, which can be exploited by
malicious, local users to gain access to system information.

Full Advisory: http://secunia.com/advisories/22992/

Cross Platform:--

[SA23059] e-Ark "cfg_pear_path" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-22

DeltahackingTEAM have discovered a vulnerability in e-Ark, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/23059/

--

[SA23037] Photo Cart "admin_folder" and "path" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-22

irvian has reported two vulnerabilities in Photo Cart, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/23037/

--

[SA23002] PHP Easy Download "file_info/admin/save.php" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-20

nuffsaid has discovered a vulnerability in PHP Easy Download, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/23002/

--

[SA22977] Fuzzball MUCK MPI Buffer Overflow Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2006-11-21

Some vulnerabilities have been reported in Fuzzball MUCK, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/22977/

--

[SA22963] WORK system e-commerce "g_include" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-17

SlimTim10 has reported some vulnerabilities in WORK system e-commerce,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory: http://secunia.com/advisories/22963/

--

[SA22947] Comdev One Admin Pro "path[docroot]" and "path[skin]" File Inclusion

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2006-11-17

AG-Spider has reported some vulnerabilities in Comdev One Admin Pro, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/22947/

--

[SA23065] GrimBB Unspecified Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-22

Some vulnerabilities have been reported in GrimBB, which can be exploited
by malicious users to conduct script insertion attacks.

Full Advisory: http://secunia.com/advisories/23065/

--

[SA23054] Seditio "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-22

Mustafa Can Bjorn Ipekci has reported a vulnerability in Seditio, which
can be exploited by malicious users to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/23054/

--

[SA23028] IBM WebSphere Application Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, DoS, System access
Released:    2006-11-20

Some vulnerabilities have been reported in IBM WebSphere Application
Server, where some have unknown impacts and others can be exploited by
malicious users to bypass certain security restrictions, and by malicious
people to potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/23028/

--

[SA23026] Vikingboard Script Insertion and Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information
Released:    2006-11-20

Laurent Gaffié and Benjamin Mossé have reported some vulnerabilities in
Vikingboard, which can be exploited by malicious users to disclose certain
sensitive information and conduct script insertion attacks.

Full Advisory: http://secunia.com/advisories/23026/

--

[SA23023] mod_auth_kerb "der_get_oid()" Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2006-11-21

A vulnerability has been reported in the mod_auth_kerb module for Apache,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory: http://secunia.com/advisories/23023/

--

[SA23005] ContentNow "pageid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-11-22

Revenge has discovered a vulnerability in ContentNow, which can be
exploited by malicious people to conduct SQL injection attacks.
Full Advisory: http://secunia.com/advisories/23005/

--

[SA22983] PostNuke "error.php" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-21

A vulnerability has been reported in PostNuke, which can be exploited by
malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/22983/

--

[SA22970] Hot Links SQL "dlback.php" / "dlback.cgi" Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-17

hack2prison has reported a vulnerability in Hot Links SQL, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/22970/

--

[SA23046] Firefox Password Manager Information Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2006-11-22

Robert Chapin has discovered a vulnerability in Firefox, which can be
exploited by malicious people to conduct phishing attacks.

Full Advisory: http://secunia.com/advisories/23046/

--

[SA23025] BLOG:CMS "FADDR" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-20

katatafish has discovered a vulnerability in BLOG:CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/23025/

--

[SA23021] Travelsized CMS index.php Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-20

David Vieira-Kurz has discovered some vulnerabilities in Travelsized CMS,
which can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory: http://secunia.com/advisories/23021/

--

[SA23011] vBulletin "prefs" / "navprefs" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-20

insanity has reported two vulnerabilities in vBulletin, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/23011/

--

[SA22984] cPanel "dns" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2006-11-22

Aria-Security has reported a vulnerability in cPanel, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/22984/

--

[SA22969] phpMyAdmin Script Insertion and IP Address Check Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2006-11-17

Some vulnerabilities have been discovered in phpMyAdmin, which can be
exploited by malicious users to conduct script insertion attacks and by
malicious people to bypass security restrictions.

Full Advisory: http://secunia.com/advisories/22969/

--

[SA22949] Sybase Enterprise Portal RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase Enterprise Portal, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory: http://secunia.com/advisories/22949/

--

[SA22940] Sybase Unwired Accelerator RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase Unwired Accelerator,
which can be exploited by malicious people to bypass certain security
restrictions.
Full Advisory: http://secunia.com/advisories/22940/

--

[SA22939] Sybase RFID Enterprise RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase RFID Enterprise, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory: http://secunia.com/advisories/22939/

--

[SA22935] Sybase EAServer RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Sybase EAServer, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/22935/

--

[SA22934] Sybase Afaria RSA Signature Forgery

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2006-11-17

Sybase has acknowledged a vulnerability in Afaria, which can be exploited
by malicious people to bypass certain security restrictions.

Full Advisory: http://secunia.com/advisories/22934/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link. Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web     : http://secunia.com/
E-mail  : support@private
Tel     : +45 70 20 51 44
Fax     : +45 70 20 51 45

_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Nov 23 2006 - 22:44:43 PST