========================================================================
The Secunia Weekly Advisory Summary
2006-12-28 - 2007-01-04

This week: 29 advisories
========================================================================

Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================

1) Word From Secunia:

The Secunia Software Inspector is a free service that detects insecure
versions of software that you may have installed on your system. When
insecure versions are detected, the Secunia Software Inspector also
provides thorough guidelines for updating the software to the latest
secure version from the vendor.

Be sure to check your own system:
http://secunia.com/software_inspector/

Feature Overview - The Secunia Software Inspector:

* Detects insecure versions of applications installed
* Verifies that all Microsoft patches are applied
* Assists you in updating your system and applications
* Runs through your browser. No installation or download is required.

Read more in our blog:
http://secunia.com/blog/4/
http://secunia.com/blog/3/

========================================================================

2) This Week in Brief:

The year started off with a bang from the Month of Apple Bugs, with a
highly critical vulnerability in the way that QuickTime handles RTSP
URLs. By passing a specially crafted QTL file with an overly long "src"
parameter, a buffer overflow is induced that can allow the execution of
arbitrary code. Successful exploitation requires that a user open a
malicious QTL file, or visit a web site on which a malicious QTL file
is hosted.
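Because the trigger is a single over-long attribute in a small XML file, a mail gateway or download proxy can screen QTL files cheaply. The Python below is an added example, not code from Secunia, Apple or the Month of Apple Bugs; it assumes the QTL layout Apple documents (an XML file with a <?quicktime ...?> processing instruction and one or more <embed src="..."> elements), and the 1024-byte cut-off and the two sample files are constructed for illustration, since the advisory only says "overly long".

```python
# Added example: flag QuickTime Media Link (QTL) files whose "src" URL is
# overly long, the trigger described for the QuickTime RTSP bug. Not Secunia's
# or Apple's code. Assumes the documented QTL layout: XML with a
# <?quicktime type="application/x-quicktime-media-link"?> processing
# instruction and <embed src="..."> elements. MAX_SRC_LEN is an assumed cut-off.
import xml.etree.ElementTree as ET

MAX_SRC_LEN = 1024  # assumption: no legitimate media URL comes close to this


def qtl_src_urls(data: bytes) -> list:
    """Return the src attribute of every <embed> element in a QTL document.

    Raises ValueError when the input is not well-formed XML, so a caller can
    treat an unparsable QTL as suspect instead of silently allowing it.
    """
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    # Element.iter() yields the root itself, so this covers both a single-link
    # QTL (root is <embed>) and a wrapper with several <embed> children.
    return [e.get("src", "") for e in root.iter("embed")]


def classify_qtl(data: bytes) -> tuple:
    """Return ("allow" | "reject", reason) for the body of a QTL file."""
    try:
        srcs = qtl_src_urls(data)
    except ValueError as exc:
        return "reject", str(exc)
    for src in srcs:
        if len(src) > MAX_SRC_LEN:
            return "reject", f"src is {len(src)} bytes, limit is {MAX_SRC_LEN}"
        # Heuristic: a URL is ASCII and percent-encodes anything else, so bytes
        # outside printable ASCII in src are payload-like rather than URL-like.
        if not all(0x20 < ord(ch) < 0x7F for ch in src):
            return "reject", "non-printable or non-ASCII byte in src"
    return "allow", f"{len(srcs)} embed element(s) within limits"


# Constructed samples; neither is taken from a real exploit.
BENIGN_QTL = (
    b'<?xml version="1.0"?>\n'
    b'<?quicktime type="application/x-quicktime-media-link"?>\n'
    b'<embed src="rtsp://media.example.com/trailer.mov" autoplay="true" />\n'
)
LONG_SRC_QTL = (
    b'<?xml version="1.0"?>\n'
    b'<?quicktime type="application/x-quicktime-media-link"?>\n'
    b'<embed src="rtsp://' + b"A" * 4000 + b'" autoplay="true" />\n'
)

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_QTL), ("long-src", LONG_SRC_QTL)):
        print(label, classify_qtl(body))
```

The length check is the one that matters for this bug; the printable-ASCII check is a cheap extra that also catches crafted files which keep the URL short but stuff binary into it. Neither replaces the vendor patch, which at the time of writing did not exist.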
The vulnerability is confirmed in version 7.1.3.100 (Windows version)
and reportedly affects both Microsoft Windows and Mac OS X versions. It
is currently unpatched.

Refer to the following Secunia advisory for more information:
http://secunia.com/advisories/23540/

--

Secunia Research has discovered multiple vulnerabilities in The Address
Book. These vulnerabilities can be exploited by malicious people to
bypass certain security restrictions, conduct cross-site scripting,
cross-site request forgery, script insertion, and SQL injection
attacks, disclose sensitive information, and compromise a vulnerable
system.

Several parameters in "users.php" and "save.php" can be exploited to
manipulate SQL queries by injecting arbitrary SQL code. Parameters in
"save.php" can also be exploited to inject arbitrary HTML and script
code, which will be executed in a user's browser session in the context
of an affected site when the malicious user data is viewed.

An input validation error in the picture upload handling can be
exploited to execute arbitrary HTML and script code in a user's browser
session in the context of an affected site when a specially crafted
HTML document with the ".gif" or ".jpg" file extension is viewed
directly in the Microsoft Internet Explorer browser, which sniffs the
file content and renders it as HTML regardless of the extension.

Several other vulnerabilities and a security issue are discussed in
detail in the following Secunia advisory:
http://secunia.com/advisories/21694/

The vulnerabilities and the security issue are confirmed in version
1.04e, and are currently unpatched.

--

A cross-site scripting vulnerability was discovered in Adobe Reader,
which is due to improper sanitization of input passed to a hosted PDF
file by the browser plug-in. This can be exploited to execute arbitrary
script code in a user's browser session in the context of an affected
site.

The vulnerability is confirmed in version 6.0.1 for Windows via Internet
Explorer 6 and version 7.0.8 for Windows via Firefox 2.0.0.1. Other
versions may also be affected.
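The two concrete Address Book findings above, SQL assembled from request parameters and an upload filter that trusts the file extension, are the same two mistakes that turn up in most small PHP applications of this era. The following is an added Python example, not The Address Book's code; the users table and its columns, the function names, the sample GIF bytes and the HTML-disguised-as-.gif payload are all constructed for illustration.

```python
# Added example: the vulnerable and hardened forms of the two handler patterns
# behind the Address Book advisory. Illustrative Python, not the project's PHP.
# The users table, its columns, the function names and all sample inputs are
# constructed for this example.
import os
import sqlite3


def setup_db() -> sqlite3.Connection:
    """In-memory table standing in for the application's user store (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.execute("INSERT INTO users (name, password) VALUES ('alice', 's3cret')")
    return conn


def login_vulnerable(conn, name: str, password: str) -> bool:
    """Query text built from raw request parameters: the attacker's input becomes
    part of the SQL and can rewrite the WHERE clause to bypass the check."""
    query = "SELECT id FROM users WHERE name='%s' AND password='%s'" % (name, password)
    return conn.execute(query).fetchone() is not None


def login_fixed(conn, name: str, password: str) -> bool:
    """Bound parameters: the values are sent separately and never parsed as SQL."""
    query = "SELECT id FROM users WHERE name=? AND password=?"
    return conn.execute(query, (name, password)).fetchone() is not None


# Leading bytes an upload must carry for the extension it claims.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
}
# Markup that Internet Explorer's content sniffing turns into a rendered page
# even when the response claims to be an image.
HTML_MARKERS = (b"<html", b"<!doctype", b"<script", b"<body", b"<head")


def validate_picture(filename: str, data: bytes) -> tuple:
    """Return (accepted, reason). Judges the upload by its bytes, not its name."""
    ext = os.path.splitext(filename.lower())[1]
    if ext not in MAGIC:
        return False, "extension not allowed"
    if not data.startswith(MAGIC[ext]):
        return False, f"content does not match the {ext} signature"
    # IE sniffs the first 256 bytes; scanning the whole file costs nothing extra.
    lowered = data.lower()
    if any(marker in lowered for marker in HTML_MARKERS):
        return False, "HTML markup embedded in image data"
    return True, "ok"


# Constructed inputs: an HTML document renamed to .gif, a real 1x1 GIF, and a
# GIF header with script appended (what a sniffing browser may still render).
HTML_AS_GIF = b"<html><body><script>alert(document.cookie)</script></body></html>"
REAL_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
            b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
GIF_WITH_SCRIPT = b"GIF89a" + b"\x00" * 10 + b"<script>alert(1)</script>"

if __name__ == "__main__":
    conn = setup_db()
    payload = "' OR 1=1 --"
    print("vulnerable login bypassed:", login_vulnerable(conn, payload, "x"))
    print("fixed login bypassed:     ", login_fixed(conn, payload, "x"))
    for label, body in (("html-as-gif", HTML_AS_GIF), ("real-gif", REAL_GIF),
                        ("gif-with-script", GIF_WITH_SCRIPT)):
        print(label, validate_picture("avatar.gif", body))
```

The marker list is a heuristic, not a complete model of IE's sniffer; the stronger fix is to re-encode every accepted upload with an image library so that only pixel data survives, and to serve user uploads from a separate hostname so that any script that does get through runs outside the application's origin.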
The vendor has released a patch for this vulnerability. For more
information, refer to the following Secunia advisory:
http://secunia.com/advisories/23483/

--

VIRUS ALERTS:

During the past week Secunia collected 90 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================

3) This Week's Top Ten Most Read Advisories:

1.  [SA23540] Apple Quicktime RTSP URL Handling Buffer Overflow Vulnerability
2.  [SA23282] Mozilla Firefox Multiple Vulnerabilities
3.  [SA23529] Linux Kernel Unspecified "init_timer()" Security Issue
4.  [SA21910] Internet Explorer Multiple Vulnerabilities
5.  [SA23528] Cacti Command Execution and SQL Injection Vulnerabilities
6.  [SA23448] Microsoft Windows CSRSS Privilege Escalation Vulnerability
7.  [SA23491] Microsoft Windows CSRSS Information Disclosure Vulnerability
8.  [SA23574] WebText CMS PHP Command Injection Vulnerability
9.  [SA23465] tDiary Unspecified Ruby Code Execution Vulnerability
10. [SA23569] AIDeX Mini-Webserver HTTP Request Display Denial Of Service

========================================================================

4) Vulnerabilities Summary Listing

Windows:
[SA23583] ICONICS Dialog Wrapper Module ActiveX Control Buffer Overflow
[SA23599] ISO Plugin for Total Commander Pathname Buffer Overflow
[SA23584] Click -N- Print Coupons "key" SQL Injection Vulnerability
[SA23576] Vizayn Haber "id" SQL Injection Vulnerability
[SA23573] ASPTicker "Password" SQL Injection Vulnerability
[SA23572] autoDealer "iPro" SQL Injection Vulnerability
[SA23571] While You Were Out and In / Out Board SQL Injection
[SA23566] Enthrallweb eCars "Type_id" SQL Injection Vulnerability
[SA23569] AIDeX Mini-Webserver HTTP Request Display Denial Of Service

UNIX/Linux:
[SA23616] Red Hat update for openoffice.org
[SA23601] rPath update for thunderbird
[SA23589] Ubuntu update for firefox
[SA23588] Ubuntu update for w3m
[SA23570] bubla (buratinable templator) "bu_dir" File Inclusion Vulnerabilities
[SA23567] Debian update for xine-lib
[SA23607] MythControlServer Command Processing Buffer Overflow Vulnerability
[SA23603] Gentoo update for denyhosts
[SA23580] Debian update for elog
[SA23579] Debian update for evince
[SA23596] Miredo HMAC-MD5-64 Hash Spoofing Vulnerability
[SA23593] Mandriva update for kernel
[SA23608] OpenBSD "vga" Privilege Escalation Vulnerability

Other:

Cross Platform:
[SA23612] OpenOffice WMF/EMF Integer Overflow Vulnerability
[SA23592] VLC Media Player "udp://" URI Handling Format String Vulnerability
[SA23577] STphp EasyNews PRO "data/users.txt" Information Disclosure
[SA23574] WebText CMS PHP Command Injection Vulnerability
[SA23587] WordPress "file" Script Insertion Vulnerability
[SA23585] Hosting Controller "BrowsePath" Directory Traversal Vulnerability
[SA23582] CMS Made Simple "searchinput" Cross-Site Scripting Vulnerability

========================================================================

5) Vulnerabilities Content Listing

Windows:--
[SA23583] ICONICS Dialog Wrapper Module ActiveX Control Buffer Overflow
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-01-03

Will Dormann has discovered a vulnerability in ICONICS Gauge ActiveX,
ICONICS Switch ActiveX, and ICONICS Vessel ActiveX, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23583/

--

[SA23599] ISO Plugin for Total Commander Pathname Buffer Overflow
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-01-02

Tan Chew Keong has reported a vulnerability in ISO Plugin for Total
Commander, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/23599/

--

[SA23584] Click -N- Print Coupons "key" SQL Injection Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-01-02

ajann has reported a vulnerability in Click -N- Print Coupons, which can
be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23584/

--

[SA23576] Vizayn Haber "id" SQL Injection Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-01-02

chernobiLe has reported a vulnerability in Vizayn Haber, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23576/

--

[SA23573] ASPTicker "Password" SQL Injection Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2006-12-29

ajann has reported a vulnerability in ASPTicker, which can be exploited
by malicious people to conduct SQL injection attacks.
Full Advisory:
http://secunia.com/advisories/23573/

--

[SA23572] autoDealer "iPro" SQL Injection Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-01-02

ajann has reported a vulnerability in autoDealer, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23572/

--

[SA23571] While You Were Out and In / Out Board SQL Injection
Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2006-12-29

ajann has reported two vulnerabilities in While You Were Out and In /
Out Board, which can be exploited by malicious people to bypass certain
security restrictions and manipulate data.

Full Advisory:
http://secunia.com/advisories/23571/

--

[SA23566] Enthrallweb eCars "Type_id" SQL Injection Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-01-03

ajann has reported a vulnerability in Enthrallweb eCars, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/23566/

--

[SA23569] AIDeX Mini-Webserver HTTP Request Display Denial Of Service
Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2006-12-29

shinnai has discovered a vulnerability in AIDeX, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/23569/

UNIX/Linux:--

[SA23616] Red Hat update for openoffice.org
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-01-04

Red Hat has issued an update for openoffice.org. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/23616/

--

[SA23601] rPath update for thunderbird
Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2007-01-03

rPath has issued an update for thunderbird. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks and potentially compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/23601/

--

[SA23589] Ubuntu update for firefox
Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of sensitive information,
             DoS, System access
Released:    2007-01-03

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of certain information, conduct cross-site scripting attacks,
and potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23589/

--

[SA23588] Ubuntu update for w3m
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-01-03

Ubuntu has issued an update for w3m. This fixes a vulnerability, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/23588/

--

[SA23570] bubla (buratinable templator) "bu_dir" File Inclusion Vulnerabilities
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-01-02

DeltahackingTEAM has discovered some vulnerabilities in bubla
(buratinable templator), which can be exploited by malicious people to
compromise vulnerable systems.

Full Advisory:
http://secunia.com/advisories/23570/

--

[SA23567] Debian update for xine-lib
Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2006-12-29

Debian has issued an update for xine-lib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/23567/

--

[SA23607] MythControlServer Command Processing Buffer Overflow Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-01-02

Michal Bucko has reported a vulnerability in MythControlServer, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/23607/

--

[SA23603] Gentoo update for denyhosts
Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-01-04

Gentoo has issued an update for denyhosts. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/23603/

--

[SA23580] Debian update for elog
Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, DoS, System access
Released:    2006-12-29

Debian has issued an update for elog. This fixes some vulnerabilities,
which can be exploited by malicious people to conduct cross-site
scripting attacks and cause a DoS (Denial of Service), and by malicious
users to conduct script insertion attacks, cause a DoS, and potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23580/

--

[SA23579] Debian update for evince
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-12-29

Debian has issued an update for evince. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/23579/

--

[SA23596] Miredo HMAC-MD5-64 Hash Spoofing Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2007-01-03

A vulnerability has been reported in Miredo, which can be exploited by
malicious people to conduct spoofing attacks.
Full Advisory:
http://secunia.com/advisories/23596/

--

[SA23593] Mandriva update for kernel
Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2007-01-03

Mandriva has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges or to cause a DoS (Denial of Service) and by
malicious people to cause a DoS.

Full Advisory:
http://secunia.com/advisories/23593/

--

[SA23608] OpenBSD "vga" Privilege Escalation Vulnerability
Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-01-04

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/23608/

Other:

Cross Platform:--

[SA23612] OpenOffice WMF/EMF Integer Overflow Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-01-04

A vulnerability has been reported in OpenOffice, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/23612/

--

[SA23592] VLC Media Player "udp://" URI Handling Format String Vulnerability
Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-01-03

Kevin Finisterre and LMH have reported a vulnerability in VLC media
player, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/23592/

--

[SA23577] STphp EasyNews PRO "data/users.txt" Information Disclosure
Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-01-02

bd0rk has reported a security issue in STphp EasyNews PRO, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/23577/

--

[SA23574] WebText CMS PHP Command Injection Vulnerability
Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2006-12-29

Kacper has discovered a vulnerability in WebText CMS, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/23574/

--

[SA23587] WordPress "file" Script Insertion Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-01-02

David Kierznowski has discovered a vulnerability in WordPress, which
can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/23587/

--

[SA23585] Hosting Controller "BrowsePath" Directory Traversal Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
             Exposure of sensitive information
Released:    2007-01-03

Soroush Dalili has reported a vulnerability in Hosting Controller,
which can be exploited by malicious users to disclose sensitive
information and to manipulate data.

Full Advisory:
http://secunia.com/advisories/23585/

--

[SA23582] CMS Made Simple "searchinput" Cross-Site Scripting Vulnerability
Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-01-03

NanoyMaster has discovered a vulnerability in CMS Made Simple, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/23582/

========================================================================

Secunia recommends that you verify all advisories you receive, by
clicking the link. Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Jan 04 2007 - 22:53:05 PST