========================================================================
The Secunia Weekly Advisory Summary
2007-04-12 - 2007-04-19
This week: 65 advisories
========================================================================
Table of Contents:
1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing
========================================================================
1) Word From Secunia:
Should you be interested in a career within Secunia, the current job
openings are available right now:
Security Sales Engineer:
http://corporate.secunia.com/about_secunia/54/
German Key Account Manager:
http://corporate.secunia.com/about_secunia/55/
International Account Manager - Enterprise Sales:
http://corporate.secunia.com/about_secunia/52/
International Sales Manager - IT Security Partner:
http://corporate.secunia.com/about_secunia/51/
Danish: Disassembling og Reversing
http://secunia.com/Disassembling_og_Reversing/
Linux Security Specialist:
http://secunia.com/Linux_Security_Specialist/
========================================================================
2) This Week in Brief:
Without skipping a beat, hackers have once again managed to take the
fun out of Microsoft Tuesday with the release of a new Microsoft
vulnerability, this time affecting the DNS service.
The vulnerability is due to a boundary error in an RPC interface of the
DNS service, and can be exploited to cause a stack-based buffer
overflow by creating an RPC request with specific parameters.
Successful exploitation allows an attacker to execute arbitrary code
with SYSTEM privileges.
While Microsoft has yet to issue a patch, they have already released a
security advisory for the vulnerability. Secunia has rated this
advisory as "Highly critical". All users are encouraged to implement
the vendor-recommended workarounds while a patch is being prepared.
For more information, please refer to:
http://secunia.com/advisories/24871/
--
Two vulnerabilities have been reported in Clam Antivirus. The first is
an unspecified file descriptor leak error within the
libclamav/chmunpack.c file, and the other is a signedness error within
the "cab_unstore()" function in the libclamav/cab.c file.
The "cab_unstore()" vulnerability can be exploited to cause a stack
based buffer overflow via a specially crafted ".cab" file. This can
lead to a crash of the clamd process, or may allow an attacker to
execute arbitrary code in the system.
The vendor has released a patch for these vulnerabilities. For more
information, please refer to:
http://secunia.com/advisories/24891/
--
Oracle has released a critical security patch covering 36
vulnerabilities. The vulnerabilities, allowing everything from
cross-site scripting attacks, to crashes, to execution of arbitrary
code, are reported in various Oracle products.
Users are advised to apply the patches for their affected products as
soon as possible. There is a publicly available exploit for at least
one of the patches, and more are sure to follow, as detailed analysis
of the patches are sure to come out in the days following the patch
release.
For more information:
http://secunia.com/advisories/24929/
--
VIRUS ALERTS:
During the past week Secunia collected 174 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.
========================================================================
3) This Weeks Top Ten Most Read Advisories:
1. [SA24871] Microsoft Windows DNS Service Buffer Overflow
Vulnerability
2. [SA24659] Microsoft Windows Animated Cursor Buffer Overflow
Vulnerability
3. [SA22896] Microsoft Agent URL Parsing Memory Corruption
Vulnerability
4. [SA18787] Internet Explorer Drag-and-Drop Vulnerability
5. [SA24891] Clam AntiVirus Two Vulnerabilities
6. [SA24877] Opera Unspecified Flash Player Plug-In Vulnerability
7. [SA24865] Cisco Products Multiple Vulnerabilities
8. [SA24880] Aircrack-ng 802.11 Authentication Packet Processing
Buffer Overflow
9. [SA24857] Sun Solaris IP Packet Denial of Service
10. [SA23370] Debian update for kernel
========================================================================
4) Vulnerabilities Summary Listing
Windows:
[SA24960] Second Sight ActiveGS ActiveX Control Buffer Overflow
Vulnerabilities
[SA24928] Second Sight ActiveMod ActiveX Control Buffer Overflow
Vulnerability
[SA24900] Akamai Download Manager ActiveX Control Buffer Overflow
Vulnerabilities
[SA24914] McAfee VirusScan Enterprise On-Access Scanner Unicode
Filename Buffer Overflow
[SA24898] MiniShare Multiple Connections Denial of Service
[SA24894] FileZilla Unspecified Format String Vulnerabilities
[SA24938] IBM Tivoli Monitoring Various Services Buffer Overflow
Vulnerabilities
[SA24937] BMC PATROL "bgs_sdservice.exe" Memory Corruption
[SA24892] LANDesk Management Suite Alert Service Buffer Overflow
[SA24882] MailBee WebMail Pro Cross-Site Scripting Vulnerabilities
[SA24881] eIQNetworks Enterprise Security Analyzer Command Processing
Vulnerabilities
UNIX/Linux:
[SA24948] Sun Solaris Mozilla 1.7 Vulnerabilities
[SA24930] HP UX Tru64 Multiple SSL and BIND Vulnerabilities
[SA24906] Gentoo update for openoffice and openoffice-bin
[SA24897] Gentoo update for xine-lib
[SA24947] rPath update for lighttpd
[SA24945] rPath update for php, php-mysql, and php-pgsql
[SA24931] Gentoo update for madwifi-ng
[SA24924] Red Hat update for php
[SA24911] Red Hat update for squid
[SA24910] Red Hat update for php
[SA24889] SUSE Update for Multiple Packages
[SA24887] PHP-Nuke vWar Module SQL Injection and Cross-Site Scripting
[SA24886] lighttpd "mtime" and "\r\n\r\n\" Denial of Service
Vulnerabilities
[SA24885] Red Hat update for freetype
[SA24884] VCDGear Cue File Buffer Overflow Vulnerability
[SA24950] HP Insight Management Agents SSL Vulnerabilities
[SA24951] WordPress Pingback Denial of Service Security Issue
[SA24919] oe2edit "q" Cross-Site Scripting Vulnerability
[SA24918] Gentoo file Denial of Service Security Issue
[SA24917] Gentoo update for freeradius
[SA24909] Mandriva update for php
[SA24907] Mandriva update for freeradius
[SA24901] rPath update for kernel
[SA24895] Mandriva update for cups
[SA24953] Ubuntu update for libx11
[SA24916] SSH Tectia Server Insecure Permissions
[SA24903] ScramDisk 4 Linux Privilege Escalation Security Issues
[SA24905] Gentoo update for vixie-cron
Other:
[SA24940] Canon Network Camera Server VB100 Series Cross-Site Scripting
Vulnerability
Cross Platform:
[SA24956] jGallery "G_JGALL[inc_path]" File Inclusion Vulnerability
[SA24955] AimStats "process.php" PHP Code Injection
[SA24944] Novell GroupWise WebAccess Base64 Decoding Buffer Overflow
[SA24939] ShoutPro "shout" PHP Code Injection Vulnerability
[SA24929] Oracle Products Multiple Vulnerabilities
[SA24927] Sun Solaris and Java Web Console Format String Vulnerability
[SA24926] Rezervi Generic "root" File Inclusion Vulnerabilities
[SA24915] Opensurveypilot Two File Inclusion Vulnerabilities
[SA24913] Mozilla Firefox Wizz RSS News Reader Extension Cross-Context
Scripting
[SA24912] Simple PHP Scripts Gallery "gallery" File Inclusion
[SA24908] Anthologia "ads_file" File Inclusion Vulnerability
[SA24904] LS simple guestbook "message" PHP Code Execution
[SA24902] CNStats File Inclusion Vulnerabilities
[SA24891] Clam AntiVirus Two Vulnerabilities
[SA24890] StoreFront for Gallery "GALLERY_BASEDIR" File Inclusion
Vulnerabilities
[SA24888] PhpWiki "UpLoad" PHP Script Upload Vulnerability
[SA24933] webMethods Glue "resource" Directory Traversal Vulnerability
[SA24899] Zomplog "file" Directory Traversal Vulnerability
[SA24896] NMDeluxe "template" Local File Inclusion Vulnerability
[SA24880] Aircrack-ng 802.11 Authentication Packet Processing Buffer
Overflow
[SA24943] Wabbit PHP Gallery Script Two Cross-Site Scripting
Vulnerabilities
[SA24942] my little weblog "id" Cross-Site Scripting
[SA24922] JEX-Treme Einfacher Passwortschutz "msg"
Cross-Site-Scripting
[SA24879] chCounter "login_name" Cross-Site Scripting
[SA24893] McAfee e-Business Server Authentication Packet Processing
Denial Of Service
========================================================================
5) Vulnerabilities Content Listing
Windows:--
[SA24960] Second Sight ActiveGS ActiveX Control Buffer Overflow
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-19
Will Dormann has reported some vulnerabilities in Second Sight ActiveGS
ActiveX control, which potentially can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24960/
--
[SA24928] Second Sight ActiveMod ActiveX Control Buffer Overflow
Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-19
Will Dormann has reported a vulnerability in Second Sight ActiveMod
ActiveX control, which can be exploited by malicious people to
potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24928/
--
[SA24900] Akamai Download Manager ActiveX Control Buffer Overflow
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-17
Two vulnerabilities have been reported in Akamai Download Manager
ActiveX control, which can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24900/
--
[SA24914] McAfee VirusScan Enterprise On-Access Scanner Unicode
Filename Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-04-18
A vulnerability has been reported in McAfee VirusScan Enterprise, which
can be exploited by malicious people to cause a DoS or to potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24914/
--
[SA24898] MiniShare Multiple Connections Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-04-16
device has reported a vulnerability in MiniShare, which can be
exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/24898/
--
[SA24894] FileZilla Unspecified Format String Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-04-16
Some vulnerabilities have been reported in FileZilla, which potentially
can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24894/
--
[SA24938] IBM Tivoli Monitoring Various Services Buffer Overflow
Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2007-04-19
Some vulnerabilities have been reported in IBM Tivoli Monitoring, which
can be exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24938/
--
[SA24937] BMC PATROL "bgs_sdservice.exe" Memory Corruption
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2007-04-19
A vulnerability has been reported in BMC PATROL, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24937/
--
[SA24892] LANDesk Management Suite Alert Service Buffer Overflow
Critical: Moderately critical
Where: From local network
Impact: System access
Released: 2007-04-16
Aaron Portnoy has reported a vulnerability in LANDesk Management Suite,
which can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/24892/
--
[SA24882] MailBee WebMail Pro Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-04-17
Some vulnerabilities have been reported in MailBee WebMail Pro, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/24882/
--
[SA24881] eIQNetworks Enterprise Security Analyzer Command Processing
Vulnerabilities
Critical: Less critical
Where: From local network
Impact: DoS, System access
Released: 2007-04-13
Leon Juranic has discovered some vulnerabilities in eIQNetworks
Enterprise Security Analyzer, which can be exploited by malicious
people to cause a DoS (Denial of Service) or to potentially compromise
a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24881/
UNIX/Linux:--
[SA24948] Sun Solaris Mozilla 1.7 Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2007-04-19
Sun has acknowledged some vulnerabilities in Mozilla 1.7 for Sun
Solaris, which potentially can be exploited by malicious people to
compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24948/
--
[SA24930] HP UX Tru64 Multiple SSL and BIND Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2007-04-18
HP has acknowledged some vulnerabilities in HP Tru64 Unix.
Full Advisory:
http://secunia.com/advisories/24930/
--
[SA24906] Gentoo update for openoffice and openoffice-bin
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-17
Gentoo has issued an update for openoffice and openoffice-bin. This
fixes some vulnerabilities, which can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24906/
--
[SA24897] Gentoo update for xine-lib
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2007-04-16
Gentoo has issued an update for xine-lib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/24897/
--
[SA24947] rPath update for lighttpd
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-04-19
rPath has issued an update for lighttpd. This fixes some
vulnerabilities, which can be exploited by malicious users and
malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/24947/
--
[SA24945] rPath update for php, php-mysql, and php-pgsql
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2007-04-19
rPath has issued an update for php, php-mysql, and php-pgsql. This
fixes some vulnerabilities, which can be exploited by malicious, local
users to bypass certain security restrictions, and by malicious people
to cause a DoS (Denial of Service) and potentially compromise a user's
system.
Full Advisory:
http://secunia.com/advisories/24945/
--
[SA24931] Gentoo update for madwifi-ng
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information, DoS
Released: 2007-04-18
Gentoo has issued an update for madwifi-ng. This fixes some
vulnerabilities, which can be exploited by malicious people to gain
knowledge of potentially sensitive information or cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/24931/
--
[SA24924] Red Hat update for php
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2007-04-17
Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions, and by malicious people to cause a DoS (Denial
of Service) and potentially compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24924/
--
[SA24911] Red Hat update for squid
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-04-16
Red Hat has issued an update for squid. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24911/
--
[SA24910] Red Hat update for php
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, DoS, System access
Released: 2007-04-17
Red Hat has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious, local users to bypass certain
security restrictions, and by malicious people to potentially
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24910/
--
[SA24889] SUSE Update for Multiple Packages
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Privilege escalation, DoS, System
access
Released: 2007-04-16
SUSE has issued an update for various packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and by malicious people to conduct cross-site
scripting attacks, cause a DoS (Denial of Service), and compromise a
user's system.
Full Advisory:
http://secunia.com/advisories/24889/
--
[SA24887] PHP-Nuke vWar Module SQL Injection and Cross-Site Scripting
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released: 2007-04-18
Janek Vind has discovered some vulnerabilities in the vWar module for
PHP-Nuke, which can be exploited by malicious people to conduct SQL
injection attacks and cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/24887/
--
[SA24886] lighttpd "mtime" and "\r\n\r\n\" Denial of Service
Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2007-04-16
Some vulnerabilities have been reported in lighttpd, which can be
exploited by malicious users and malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/24886/
--
[SA24885] Red Hat update for freetype
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2007-04-16
Red Hat has issued an update for freetype. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the library.
Full Advisory:
http://secunia.com/advisories/24885/
--
[SA24884] VCDGear Cue File Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-04-16
A vulnerability has been discovered in VCDGear, which can be exploited
by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24884/
--
[SA24950] HP Insight Management Agents SSL Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, DoS, System access
Released: 2007-04-18
HP has acknowledged some vulnerabilities in HP Insight Management
Agents, which can be exploited by malicious people to bypass certain
security restrictions, cause a DoS (Denial of Service) or compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/24950/
--
[SA24951] WordPress Pingback Denial of Service Security Issue
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-04-19
foobarwp12 has reported a security issue in WordPress, which
potentially can be exploited by malicious people to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/24951/
--
[SA24919] oe2edit "q" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-04-17
David Vieira-Kurz has reported a vulnerability in oe2edit, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/24919/
--
[SA24918] Gentoo file Denial of Service Security Issue
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-04-18
Gentoo has acknowledged a security issue in file, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/24918/
--
[SA24917] Gentoo update for freeradius
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-04-18
Gentoo has issued an update for freeradius. This fixes a security
issue, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/24917/
--
[SA24909] Mandriva update for php
Critical: Less critical
Where: From remote
Impact: Security Bypass, DoS
Released: 2007-04-19
Mandriva has issued an update for php. This fixes some vulnerabilities,
which can be exploited by malicious users to bypass certain security
restrictions and by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24909/
--
[SA24907] Mandriva update for freeradius
Critical: Less critical
Where: From remote
Impact: DoS
Released: 2007-04-17
Mandriva has issued an update for freeradius. This fixes a security
issue, which can be exploited by malicious people to cause a DoS
(Denial of Service).
Full Advisory:
http://secunia.com/advisories/24907/
--
[SA24901] rPath update for kernel
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information, Privilege escalation,
DoS
Released: 2007-04-17
rPath has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, gain escalated privileges, and by malicious people to
cause a DoS.
Full Advisory:
http://secunia.com/advisories/24901/
--
[SA24895] Mandriva update for cups
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2007-04-17
Mandriva has issued an update for cups. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24895/
--
[SA24953] Ubuntu update for libx11
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information, DoS
Released: 2007-04-19
Ubuntu has issued an update for libx11. This fixes a vulnerability,
which can be exploited by malicious, local users to disclose sensitive
information or cause a DoS (Denial of Service).
Full Advisory:
http://secunia.com/advisories/24953/
--
[SA24916] SSH Tectia Server Insecure Permissions
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2007-04-16
A security issue has been reported in SSH Tectia Server for IBM z/OS,
which potentially can be exploited by malicious, local users to gain
escalated privileges.
Full Advisory:
http://secunia.com/advisories/24916/
--
[SA24903] ScramDisk 4 Linux Privilege Escalation Security Issues
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Released: 2007-04-16
Two security issues have been reported in ScramDisk 4 Linux. These can
be exploited by malicious, local users to gain escalated privileges.
Full Advisory:
http://secunia.com/advisories/24903/
--
[SA24905] Gentoo update for vixie-cron
Critical: Not critical
Where: Local system
Impact: DoS
Released: 2007-04-17
Gentoo has issued an update for vixie-cron. This fixes a vulnerability,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service).
Full Advisory:
http://secunia.com/advisories/24905/
Other:--
[SA24940] Canon Network Camera Server VB100 Series Cross-Site Scripting
Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-04-19
A vulnerability has been reported in Canon Network Camera Server VB100
Series, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/24940/
Cross Platform:--
[SA24956] jGallery "G_JGALL[inc_path]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-19
Dj7xpl has discovered a vulnerability in jGallery, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24956/
--
[SA24955] AimStats "process.php" PHP Code Injection
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-19
Dj7xpl has discovered some vulnerabilities in AimStats, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24955/
--
[SA24944] Novell GroupWise WebAccess Base64 Decoding Buffer Overflow
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-19
A vulnerability has been reported in Novell GroupWise, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24944/
--
[SA24939] ShoutPro "shout" PHP Code Injection Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-18
Gammarays has discovered a vulnerability in ShoutPro, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24939/
--
[SA24929] Oracle Products Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Unknown, Security Bypass, Cross Site Scripting,
Manipulation of data, Exposure of sensitive information, Privilege
escalation, DoS, System access
Released: 2007-04-18
Multiple vulnerabilities have been reported in various Oracle products.
Some of these vulnerabilities have unknown impacts, while others can be
exploited to bypass certain security restrictions, gain knowledge of
sensitive information, gain escalated privileges, cause a DoS (Denial
of Service), conduct cross-site scripting and SQL injection attacks, or
potentially compromise a vulnerable system..
Full Advisory:
http://secunia.com/advisories/24929/
--
[SA24927] Sun Solaris and Java Web Console Format String Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-18
Frank Dick has reported a vulnerability in Sun Solaris and Java Web
Console, which potentially can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24927/
--
[SA24926] Rezervi Generic "root" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-19
GolD_M has discovered some vulnerabilities in Rezervi Generic, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/24926/
--
[SA24915] Opensurveypilot Two File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2007-04-19
Two vulnerabilities have been discovered in Opensurveypilot, which can
be exploited by malicious people to compromise a vulnerable system or
to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/24915/
--
[SA24913] Mozilla Firefox Wizz RSS News Reader Extension Cross-Context
Scripting
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Released: 2007-04-17
A vulnerability has been reported in the Wizz RSS News Reader extension
for Mozilla Firefox, which can be exploited by malicious people to
compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24913/
--
[SA24912] Simple PHP Scripts Gallery "gallery" File Inclusion
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2007-04-17
A vulnerability has been discovered in Simple PHP Scripts Gallery,
which can be exploited by malicious people to compromise a vulnerable
system or to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/24912/
--
[SA24908] Anthologia "ads_file" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information, System access
Released: 2007-04-18
Dj7xpl has discovered a vulnerability in Anthologia, which can be
exploited by malicious people to compromise a vulnerable system or to
disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/24908/
--
[SA24904] LS simple guestbook "message" PHP Code Execution
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-16
Gammarays has discovered a vulnerability in LS simple guestbook, which
can be exploited by malicious people to compromise a vulnerable
system.
Full Advisory:
http://secunia.com/advisories/24904/
--
[SA24902] CNStats File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-16
Some vulnerabilities have been discovered in CNStats, which can be
exploited by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24902/
--
[SA24891] Clam AntiVirus Two Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Unknown, DoS, System access
Released: 2007-04-13
Two vulnerabilities have been reported in Clam AntiVirus. One has an
unknown impact, while the other can be exploited by malicious people to
cause a DoS (Denial of Service) or to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24891/
--
[SA24890] StoreFront for Gallery "GALLERY_BASEDIR" File Inclusion
Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-17
Alkomandoz Hacker has reported a vulnerability in StoreFront for
Gallery, which can be exploited by malicious people to compromise a
vulnerable system.
Full Advisory:
http://secunia.com/advisories/24890/
--
[SA24888] PhpWiki "UpLoad" PHP Script Upload Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Released: 2007-04-13
A vulnerability has been discovered in PhpWiki, which can be exploited
by malicious people to compromise a vulnerable system.
Full Advisory:
http://secunia.com/advisories/24888/
--
[SA24933] webMethods Glue "resource" Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2007-04-18
Patrick Webster has reported a vulnerability in webMethods Glue, which
can be exploited by malicious people to disclose sensitive
information.
Full Advisory:
http://secunia.com/advisories/24933/
--
[SA24899] Zomplog "file" Directory Traversal Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive
information
Released: 2007-04-19
Dj7xpl has discovered a vulnerability in Zomplog, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/24899/
--
[SA24896] NMDeluxe "template" Local File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Released: 2007-04-16
BeyazKurt has reported a vulnerability in NMDeluxe, which can be
exploited by malicious people to disclose sensitive information.
Full Advisory:
http://secunia.com/advisories/24896/
--
[SA24880] Aircrack-ng 802.11 Authentication Packet Processing Buffer
Overflow
Critical: Moderately critical
Where: From remote
Impact: System access
Released: 2007-04-13
Jonathan So has reported a vulnerability in Aircrack-ng, which can be
exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/24880/
--
[SA24943] Wabbit PHP Gallery Script Two Cross-Site Scripting
Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-04-18
the_Edit0r has reported some vulnerabilities in Wabbit PHP Gallery
Script, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/24943/
--
[SA24942] my little weblog "id" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-04-18
the_Edit0r has discovered a vulnerability in my little weblog, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Full Advisory:
http://secunia.com/advisories/24942/
--
[SA24922] JEX-Treme Einfacher Passwortschutz "msg"
Cross-Site-Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-04-19
hackberry has discovered a vulnerability in Einfacher Passwortschutz,
which can be exploited by malicious people to conduct cross-site
scripting attacks.
Full Advisory:
http://secunia.com/advisories/24922/
--
[SA24879] chCounter "login_name" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Released: 2007-04-13
Hanno Bck has discovered a vulnerability in chCounter, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory:
http://secunia.com/advisories/24879/
--
[SA24893] McAfee e-Business Server Authentication Packet Processing
Denial Of Service
Critical: Less critical
Where: From local network
Impact: DoS
Released: 2007-04-18
A vulnerability has been reported in McAfee e-Business Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Full Advisory:
http://secunia.com/advisories/24893/
========================================================================
Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Subscribe:
http://secunia.com/secunia_weekly_summary/
Contact details:
Web : http://secunia.com/
E-mail : support@private
Tel : +45 70 20 51 44
Fax : +45 70 20 51 45
__________________________
Subscribe to InfoSec News
http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Fri Apr 20 2007 - 00:34:15 PDT