======================================================================== The Secunia Weekly Advisory Summary 2007-01-25 - 2007-02-01 This week: 61 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: New Secunia blog entry about the "availability" of the latest Apple QuickTime security update. The update is ready, yet users are still only able to download the vulnerable version from Apple.com - without any indication or guidance about why or how to secure it: http://secunia.com/blog/7/ Exploitation appears to be straight forward and the QuickTime player is installed on more than 50% of all computers! Use the Secunia Software Inspector for verification and real guidance on how to secure your QuickTime player: http://secunia.com/software_Inspector/ -- Should you be interesting a career within Secunia, the current job openings are available right now: Security Sales Engineer: http://corporate.secunia.com/about_secunia/54/ German Key Account Manager: http://corporate.secunia.com/about_secunia/55/ International Account Manager - Enterprise Sales: http://corporate.secunia.com/about_secunia/52/ International Sales Manager - IT Security Partner: http://corporate.secunia.com/about_secunia/51/ Danish: Disassembling og Reversing http://secunia.com/Disassembling_og_Reversing/ ======================================================================== 2) This Week in Brief: A zero-day vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. The zero-day exploit was first identified in the form of a trojan dropper reportedly available in the wild. The vulnerability is caused due to an unspecified error when parsing strings in Word documents and can be exploited to corrupt memory thereby allowing execution of arbitrary code on the user's system. It is reported to affect Microsoft Word 2000. Other versions may also be affected. This is the fourth Microsoft Word zero-day to be released in two months. All four remain unpatched. Because of active exploitation of these vulnerabilities, Secunia has tagged these as "Extremely Critical", the maximum severity rating for Secunia advisories. Secunia therefore urges all Microsoft Office users to refrain from opening untrusted Word documents. For more information on this vulnerability: http://secunia.com/advisories/23950/ -- A vulnerability has been discovered in Yahoo! Messenger, which may allow an attacker to execute a limited amount of arbitrary script code in the Local Zone context. The vulnerability is due to the input in the "First Name", "Last Name", and "Nickname" fields in the "Contact Details" option not being sanitised properly when displaying status notification messages to a user in a chat box. A possible scenario is as follows: (1) the user is tricked into adding the attacker to his or her messenger list, (2) the attacker sends an instant message to the user, then (3) the attacker changes his or her status (for example, from "available to everyone" to "invisible"). Successful exploitation only occurs if the attacker is in the messenger list of the user. This vulnerability is tagged by Secunia as "Less critical" due to limitations in the amount of script code that can be executed. This is because the contact details only accept a limited number of characters; script code inserted into the contact details are truncated if it exceeds the number of available characters. Secunia urges Yahoo! Messenger users to add only trusted users to their messenger lists. This vulnerability is currently unpatched, and is confirmed to affect version 8.1.0.209. For more information about this vulnerability: http://secunia.com/advisories/23928/ -- VIRUS ALERTS: During the past week Secunia collected 159 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA23950] Microsoft Word Unspecified String Handling Memory Corruption 2. [SA23867] Cisco IOS Multiple Vulnerabilities 3. [SA23904] ISC BIND Denial of Service Vulnerabilities 4. [SA23666] Adobe Reader Unspecified Heap Corruption Vulnerability 5. [SA18787] Internet Explorer Drag-and-Drop Vulnerability 6. [SA23914] GuppY "error.php" Cookie Remote Code Execution 7. [SA23475] NCTsoft Products NCTAudioFile2 ActiveX Control Buffer Overflow 8. [SA23757] Sun Java JRE GIF Image Processing Buffer Overflow Vulnerability 9. [SA23938] PGP Desktop Service Code Execution Vulnerability 10. [SA23316] Bluetrait "bt-trackback.php" SQL-Injection Vulnerabilities ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA23950] Microsoft Word Unspecified String Handling Memory Corruption [SA23964] HTTP Commander Cross-Site Scripting Vulnerabilities [SA23938] PGP Desktop Service Code Execution Vulnerability UNIX/Linux: [SA23992] phpIndexPage "env[inc_path]" File Inclusion Vulnerability [SA23970] ACGVclick "path" File Inclusion Vulnerability [SA23967] xt-stats "server_base_dir" File Inclusion Vulnerability [SA23958] Flip4Mac WMV Parsing Memory Corruption Vulnerability [SA23941] Debian update for cacti [SA23984] SUSE Update for Multiple Packages [SA23982] Sun Solaris ICMP Denial of Service Vulnerability [SA23975] CHMlib Page Block Length Memory Corruption Vulnerability [SA23971] Debian update for vlc [SA23962] PHPFootball "show.php" Database Retrieval [SA23956] Galeria "galeria" Local File Inclusion [SA23954] xNews "id" SQL Injection Vulnerability [SA23939] Sun Solaris FreeType Integer Overflow and Underflow Vulnerabilities [SA24005] Gentoo update for elinks [SA24014] Fedora update for bind [SA24006] Debian update for gtk+2.0 [SA23997] Red Hat update for kernel [SA23979] Sun Java System Access Manager Cross-Site Scripting [SA23977] Mandriva update for bind [SA23976] Fedora update for libsoup [SA23974] Fedora update for bind [SA23972] Slackware update for bind [SA23968] Webfwlog "conffile" Directory Traversal Vulnerability [SA23961] Mandriva update for libsoup [SA23946] Gentoo update for squid [SA23944] Debian update for bind9 [SA23943] SUSE update for bind [SA24015] Debian update for libgtop2 [SA23991] Avaya CMS / IR ld.so Directory Traversal and Buffer Overflow [SA23966] Gentoo update for xorg-server [SA23955] Linux Kernel "listxattr" Memory Corruption Vulnerability [SA23937] smb4K Multiple Vulnerabilities [SA23983] Drupal Captcha Module Security Bypass [SA23945] Apple Mac OS X iChat Bonjour Denial of Service [SA23993] NX Server "nxconfigure.sh" Denial of Service Other: [SA23978] Cisco IOS SIP Packet Handling Reload Denial of Service [SA23989] Intel Enterprise Southbridge 2 BMC Interface Commands Access Cross Platform: [SA23990] vbDrupal Comment Preview Arbitrary Code Execution [SA23987] EncapsCMS "config[path]" File Inclusion Vulnerability [SA23973] MyNews "myNewsConf[path][sys][index]" File Inclusion Vulnerability [SA23969] nsGalPHP "racineTBS" File Inclusion Vulnerability [SA23960] Drupal Comment Preview Arbitrary Code Execution [SA23959] phpMyReports "cfgPathModule" File Inclusion Vulnerability [SA23952] Xero Portal "phpbb_root_path" File Inclusion Vulnerability [SA23949] Foro Domus "sesion_idioma" File Inclusion Vulnerability [SA24016] Wireshark Multiple Denial of Service Vulnerabilities [SA23981] WebGUI Asset Deletion Vulnerability [SA23965] CascadianFAQ "catid" SQL Injection Vulnerability [SA23963] Nexuiz "gamedir" Information Disclosure and Data Manipulation [SA23957] IBM AIX Mail Services Authentication Vulnerability [SA23953] FileDownload Snippet for MODx Arbitrary File Download [SA23948] MAXdev MD-Pro "startrow" SQL Injection Vulnerability [SA23947] FD Script "fname" Arbitrary File Download Vulnerability [SA23980] Movable Type Cross-Site Scripting and Security Bypass [SA23951] CMSsimple mailform "sender" Cross-Site Scripting Vulnerability [SA23940] CVSTrac SQL Injection Vulnerability [SA23942] gtalkbot Disclosure of User Credentials [SA23985] Drupal Textimage Module Security Bypass ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA23950] Microsoft Word Unspecified String Handling Memory Corruption Critical: Extremely critical Where: From remote Impact: System access Released: 2007-01-26 A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/23950/ -- [SA23964] HTTP Commander Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-01-29 Two vulnerabilities have been discovered in HTTP Commander, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/23964/ -- [SA23938] PGP Desktop Service Code Execution Vulnerability Critical: Less critical Where: From local network Impact: System access Released: 2007-01-26 Peter Winter-Smith of NGSSoftware has reported a vulnerability in PGP Desktop, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23938/ UNIX/Linux:-- [SA23992] phpIndexPage "env[inc_path]" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-30 DeltahackingTEAM has discovered a vulnerability in phpIndexPage, which can be exploited by malicious people to compromise vulnerable systems. Full Advisory: http://secunia.com/advisories/23992/ -- [SA23970] ACGVclick "path" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-29 ajann has discovered a vulnerability in ACGVclick, which can be exploited by malicious people to compromise vulnerable systems. Full Advisory: http://secunia.com/advisories/23970/ -- [SA23967] xt-stats "server_base_dir" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-29 ThE dE@Th has reported a vulnerability in xt-stats, which can be exploited by malicious people to compromise vulnerable systems. Full Advisory: http://secunia.com/advisories/23967/ -- [SA23958] Flip4Mac WMV Parsing Memory Corruption Vulnerability Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2007-01-29 KF and LMH have reported a vulnerability in Flip4Mac, which can potentially be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/23958/ -- [SA23941] Debian update for cacti Critical: Highly critical Where: From remote Impact: Security Bypass, Manipulation of data, System access Released: 2007-01-26 Debian has issued an update for cacti. This fixes some vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions, manipulate data and compromise vulnerable systems. Full Advisory: http://secunia.com/advisories/23941/ -- [SA23984] SUSE Update for Multiple Packages Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information, Privilege escalation, DoS, System access Released: 2007-01-29 SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain knowledge of potentially sensitive information, cause a DoS (Denial of Service), or gain escalated privileges; by malicious users to manipulate data, disclose sensitive information, or compromise a vulnerable system; and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/23984/ -- [SA23982] Sun Solaris ICMP Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-01-31 Sun has acknowledged a vulnerability in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23982/ -- [SA23975] CHMlib Page Block Length Memory Corruption Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2007-01-29 iDefense Labs has reported a vulnerability in CHM Lib, which potentially can be exploited by malicious people to compromise an application using the vulnerable library. Full Advisory: http://secunia.com/advisories/23975/ -- [SA23971] Debian update for vlc Critical: Moderately critical Where: From remote Impact: System access Released: 2007-01-29 Debian has issued an update for vlc. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/23971/ -- [SA23962] PHPFootball "show.php" Database Retrieval Critical: Moderately critical Where: From remote Impact: Security Bypass, Exposure of sensitive information Released: 2007-01-31 ajann has discovered a vulnerability in PHPFootball, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/23962/ -- [SA23956] Galeria "galeria" Local File Inclusion Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2007-01-31 ajann has reported a vulnerability in Galeria, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/23956/ -- [SA23954] xNews "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2007-01-29 ajann has discovered a vulnerability in xNews, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/23954/ -- [SA23939] Sun Solaris FreeType Integer Overflow and Underflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2007-01-29 Sun has acknowledged some vulnerabilities in Solaris, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise applications using the library. Full Advisory: http://secunia.com/advisories/23939/ -- [SA24005] Gentoo update for elinks Critical: Moderately critical Where: From local network Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information Released: 2007-02-01 Gentoo has issued an update for elinks. This fixes a vulnerability, which can be exploited by malicious people to expose sensitive information and manipulate data. Full Advisory: http://secunia.com/advisories/24005/ -- [SA24014] Fedora update for bind Critical: Less critical Where: From remote Impact: DoS Released: 2007-02-01 Fedora has issued an update for bind. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/24014/ -- [SA24006] Debian update for gtk+2.0 Critical: Less critical Where: From remote Impact: DoS Released: 2007-02-01 Debian has issued an update for gtk+2.0. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/24006/ -- [SA23997] Red Hat update for kernel Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-31 Red Hat has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to disclose potentially sensitive information, gain escalated privileges, and cause a DoS (Denial of Service), and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/23997/ -- [SA23979] Sun Java System Access Manager Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-01-30 A vulnerability has been reported in Sun Java System Access Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/23979/ -- [SA23977] Mandriva update for bind Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-31 Mandriva has issued an update for bind. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23977/ -- [SA23976] Fedora update for libsoup Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-30 Fedora has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23976/ -- [SA23974] Fedora update for bind Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-30 Fedora has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23974/ -- [SA23972] Slackware update for bind Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-29 Slackware has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23972/ -- [SA23968] Webfwlog "conffile" Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2007-01-30 GolD_M has discovered a vulnerability in Webfwlog, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/23968/ -- [SA23961] Mandriva update for libsoup Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-29 Mandriva has issued an update for libsoup. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23961/ -- [SA23946] Gentoo update for squid Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-26 Gentoo has issued an update for squid. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23946/ -- [SA23944] Debian update for bind9 Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-29 Debian has issued an update for bind9. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23944/ -- [SA23943] SUSE update for bind Critical: Less critical Where: From remote Impact: DoS Released: 2007-01-30 SUSE has issued an update for bind. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23943/ -- [SA24015] Debian update for libgtop2 Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2007-02-01 Debian has issued an update for libgtop2. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/24015/ -- [SA23991] Avaya CMS / IR ld.so Directory Traversal and Buffer Overflow Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2007-01-30 Avaya has acknowledged a vulnerability and a security issue in Avaya CMS / IR, which can be exploited by malicious, local users to disclose sensitive information or potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/23991/ -- [SA23966] Gentoo update for xorg-server Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2007-01-29 Gentoo has issued an update for xorg-server. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/23966/ -- [SA23955] Linux Kernel "listxattr" Memory Corruption Vulnerability Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2007-01-31 A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or potentially gain escalated privileges. Full Advisory: http://secunia.com/advisories/23955/ -- [SA23937] smb4K Multiple Vulnerabilities Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2007-01-29 Kees Cook has reported some vulnerabilities in smb4K, which can be exploited by malicious, local users to kill arbitrary processes, disclose potentially sensitive information, and gain escalated privileges. Full Advisory: http://secunia.com/advisories/23937/ -- [SA23983] Drupal Captcha Module Security Bypass Critical: Not critical Where: From remote Impact: Security Bypass Released: 2007-01-31 A weakness has been reported in the Captcha module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/23983/ -- [SA23945] Apple Mac OS X iChat Bonjour Denial of Service Critical: Not critical Where: From local network Impact: DoS Released: 2007-01-31 LMH has reported a vulnerability in Apple iChat, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23945/ -- [SA23993] NX Server "nxconfigure.sh" Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2007-01-30 A security issue has been reported in NX Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23993/ Other:-- [SA23978] Cisco IOS SIP Packet Handling Reload Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-01-31 A vulnerability has been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23978/ -- [SA23989] Intel Enterprise Southbridge 2 BMC Interface Commands Access Critical: Less critical Where: From local network Impact: Security Bypass Released: 2007-01-31 A security issue has been reported in Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/23989/ Cross Platform:-- [SA23990] vbDrupal Comment Preview Arbitrary Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-30 A vulnerability has been reported in vbDrupal, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23990/ -- [SA23987] EncapsCMS "config[path]" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-31 Tr_ZiNDaN has reported a vulnerability in EncapsCMS, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23987/ -- [SA23973] MyNews "myNewsConf[path][sys][index]" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-31 GolD_M has reported a vulnerability in MyNews, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23973/ -- [SA23969] nsGalPHP "racineTBS" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-29 S.W.A.T. has reported a vulnerability in nsGalPHP, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23969/ -- [SA23960] Drupal Comment Preview Arbitrary Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-30 A vulnerability has been reported in Drupal, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23960/ -- [SA23959] phpMyReports "cfgPathModule" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-29 GolD_M has discovered a vulnerability in phpMyReports, which can be exploited by malicious people to compromise vulnerable systems. Full Advisory: http://secunia.com/advisories/23959/ -- [SA23952] Xero Portal "phpbb_root_path" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-26 xoron has reported a vulnerability in Xero Portal, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23952/ -- [SA23949] Foro Domus "sesion_idioma" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-01-29 xoron has reported a vulnerability in Foro Domus, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/23949/ -- [SA24016] Wireshark Multiple Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-02-01 Some vulnerabilities have been reported in Wireshark, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/24016/ -- [SA23981] WebGUI Asset Deletion Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2007-01-29 Lucas Bartholemy has reported a vulnerability in WebGUI, which can be exploited by malicious users to delete assets. Full Advisory: http://secunia.com/advisories/23981/ -- [SA23965] CascadianFAQ "catid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2007-01-31 ajann has discovered a vulnerability in CascadianFAQ, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/23965/ -- [SA23963] Nexuiz "gamedir" Information Disclosure and Data Manipulation Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2007-01-31 A vulnerability has been reported in Nexuiz, which can be exploited by malicious people to disclose sensitive information or manipulate data. Full Advisory: http://secunia.com/advisories/23963/ -- [SA23957] IBM AIX Mail Services Authentication Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2007-01-29 A vulnerability has been reported in AIX, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/23957/ -- [SA23953] FileDownload Snippet for MODx Arbitrary File Download Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2007-01-31 A vulnerability has been reported in the FileDownload snippet for MODx, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/23953/ -- [SA23948] MAXdev MD-Pro "startrow" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2007-01-30 adex has discovered a vulnerability in MAXdev MD-Pro, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/23948/ -- [SA23947] FD Script "fname" Arbitrary File Download Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2007-01-29 ajann has discovered a vulnerability in FD Script, which can be exploited by malicious people to gain knowledge of sensitive information. Full Advisory: http://secunia.com/advisories/23947/ -- [SA23980] Movable Type Cross-Site Scripting and Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass, Cross Site Scripting Released: 2007-01-29 Some vulnerabilities have been reported in Movable Type, which can be exploited by malicious people to bypass certain security restrictions and conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/23980/ -- [SA23951] CMSsimple mailform "sender" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-01-26 unsticky has discovered a vulnerability in CMSimple, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/23951/ -- [SA23940] CVSTrac SQL Injection Vulnerability Critical: Less critical Where: From remote Impact: Manipulation of data, DoS Released: 2007-01-30 Ralf S. Engelschall has reported a vulnerability in CVSTrac, which can be exploited by malicious users to conduct SQL injection attacks and cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/23940/ -- [SA23942] gtalkbot Disclosure of User Credentials Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2007-01-31 A security issue has been reported in gtalkbot, which can be exploited by malicious, local users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/23942/ -- [SA23985] Drupal Textimage Module Security Bypass Critical: Not critical Where: From remote Impact: Security Bypass Released: 2007-01-31 A weakness has been reported in the Textimage module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/23985/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Feb 01 2007 - 22:24:07 PST