[ISN] Secunia Weekly Summary - Issue: 2007-17

From: InfoSec News (alerts@private)
Date: Fri Apr 27 2007 - 01:33:43 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2007-04-19 - 2007-04-26                        

                       This week: 52 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

BETA TEST: The Network Software Inspector

Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.

Join the FREE BETA test of the Network Software Inspector (NSI)!
http://secunia.com/network_software_Inspector/

The NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.

 --

NEW BLOG ENTRY
 
Last December, Secunia released the Software Inspector, a
revolutionary tool that changed the way users all across the globe
identified missing security updates.

Since then, over 300,000 inspections has been made using the Software
Inspector. Secunia has received hundreds of emails with feedback,
feature requests, and suggestions, all of which were thoroughly read
and taken note of. Because of these, Secunia is able to finetune and
improve the Software Inspector so that it can be a better tool for
computer users everywhere.

Now, Secunia is planning to release the Network Software Inspector
(NSI) which basically is an expanded version of the Software Inspector
geared for scanning on internal corporate networks.

Read More:
http://secunia.com/blog/9/

========================================================================
2) This Week in Brief:

A vulnerability has been reported in Adobe Photoshop, which can be
exploited by malicious people to compromise a user's system.

Successful exploitation allows execution of arbitrary code.

Currently, no solution is available from the vendor.

Reference:
http://secunia.com/SA25023

 --

A vulnerability has been reported in Apple QuickTime, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an unspecified error within the Java
handling in QuickTime. This can be exploited to execute arbitrary code
when a user visits a malicious web site using a Java-enabled browser
e.g. Safari or Firefox.

The vulnerability is reported on a Mac OS X system using Safari and
Firefox. Other browsers and platforms may also be affected.

Reference:
http://secunia.com/SA25011

 --

Join the FREE BETA test of the Network Software Inspector (NSI)!
http://secunia.com/network_software_Inspector/

 --

VIRUS ALERTS:

During the past week Secunia collected 179 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA25011] Apple QuickTime Java Handling Unspecified Code Execution
2.  [SA18787] Internet Explorer Drag-and-Drop Vulnerability
3.  [SA24659] Microsoft Windows Animated Cursor Buffer Overflow
              Vulnerability
4.  [SA24966] Mac OS X Security Update Fixes Multiple Vulnerabilities
5.  [SA24962] Nortel VPN Router Default User Accounts and Missing
              Authentication Checks
6.  [SA22896] Microsoft Agent URL Parsing Memory Corruption
              Vulnerability
7.  [SA24951] WordPress Pingback Denial of Service Security Issue
8.  [SA24871] Microsoft Windows DNS Service Buffer Overflow
              Vulnerability
9.  [SA24948] Sun Solaris Mozilla 1.7 Vulnerabilities
10. [SA24969] HP Oracle for OpenView Multiple Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA25023] Adobe Photoshop Bitmap File Handling Buffer Overflow
Vulnerability
[SA25017] Microgaming Download Helper ActiveX Control Buffer Overflow
Vulnerability
[SA25016] Corel Paint Shop Pro Photo CLP File Handling Buffer Overflow
[SA24994] ACDSee Products "ID_X.apl" XPM File Handling Buffer Overflow
[SA24981] PhotoFiltre Studio TIF File Handling Buffer Overflow
[SA24973] XnView XPM File Handling Buffer Overflow
[SA24972] CA BrightStor ARCserve Backup Media Server Multiple Buffer
Overflows
[SA25003] NeatUpload Response Handling Race Condition Information
Disclosure
[SA25029] HP StorageWorks Command View Advanced Edition for XP
Unauthorized User Account Access
[SA24986] ZoneAlarm Products SRESCAN.SYS IOCTL Handler Privilege
Escalation

UNIX/Linux:
[SA25022] Gentoo update for clamav
[SA25011] Apple QuickTime Java Handling Unspecified Code Execution
[SA25001] Gentoo update for 3proxy
[SA24996] Trustix update for freetype and clamav
[SA24995] SUSE Update for Multiple Packages
[SA24992] Pagode "asolute" Command Injection and Directory Traversal
[SA24968] Maran PHP Forum "name" PHP Code Execution
[SA24966] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA24963] Gentoo courier-imap "XMAILDIR" Variable Command Injection
[SA25027] SUSE update for opera
[SA24991] Gentoo update for blender
[SA24990] HP-UX sendmail Unspecified Denial of Service
[SA24982] Debian update for aircrack-ng
[SA24978] OpenBSD IPv6 Type 0 Route Headers Denial of Service
[SA24970] Avaya Products Wireshark Multiple Denial of Service
Vulnerabilities
[SA24967] MyBB "day" SQL Injection Vulnerability
[SA24964] Gentoo update for aircrack-ng
[SA24987] Avaya CMS / IR Sun Solaris IP Packet Denial of Service
[SA24974] Debian update for webcalendar
[SA24965] Red Hat update for php
[SA24989] rPath update for postgresql and postgresql-server
[SA24980] Gentoo update for nas
[SA25004] SUSE update for XFree86 and Xorg
[SA24979] Mandriva update for krb5
[SA24975] Sun Solaris libX11 Integer Overflow Vulnerability
[SA24985] Sun Cluster Software Denial of Service Vulnerability
[SA24976] Linux Kernel "L2CAP" and "HCI" Information Disclosure

Other:
[SA24962] Nortel VPN Router Default User Accounts and Missing
Authentication Checks
[SA25031] Linksys SPA941 SIP Message Denial of Service

Cross Platform:
[SA25015] wavewoo "path_include" File Inclusion Vulnerability
[SA24983] ACVSWS "CheminInclude" File Inclusion Vulnerability
[SA24977] Asterisk T.38 SDP Buffer Overflows and Management Interface
Denial of Service
[SA24971] Post Revolution "dir" File Inclusion Vulnerabilities
[SA24969] HP Oracle for OpenView Multiple Vulnerabilities
[SA25018] Yate Unspecified SIP Protocol Handling Denial of Service
Vulnerability
[SA25010] EsForum "idsalon" SQL Injection Vulnerability
[SA24997] Big Blue Guestbook "comments" Script Insertion
[SA24984] Ripe Website Manager SQL Injection and Cross-Site Scripting
[SA25002] CA CleverPath Portal SQL Injection Vulnerability
[SA25000] Lunascape RSS Feed Cross-Site Scripting Vulnerability
[SA24998] TJSChat "user" Cross-Site Scripting Vulnerability
[SA25019] PostgreSQL SECURITY DEFINER Functions Privilege Escalation

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA25023] Adobe Photoshop Bitmap File Handling Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-25

Marsu has reported a vulnerability in Adobe Photoshop, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25023/

 --

[SA25017] Microgaming Download Helper ActiveX Control Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-24

Will Dormann has reported a vulnerability in Microgaming Download
Helper ActiveX Control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25017/

 --

[SA25016] Corel Paint Shop Pro Photo CLP File Handling Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-24

Marsu has discovered a vulnerability in Corel Paint Shop Pro Photo,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/25016/

 --

[SA24994] ACDSee Products "ID_X.apl" XPM File Handling Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-23

Marsu has discovered a vulnerability in ACDSee products, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24994/

 --

[SA24981] PhotoFiltre Studio TIF File Handling Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-23

Marsu has discovered a vulnerability in PhotoFiltre Studio, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24981/

 --

[SA24973] XnView XPM File Handling Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-23

Marsu has discovered a vulnerability in XnView, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24973/

 --

[SA24972] CA BrightStor ARCserve Backup Media Server Multiple Buffer
Overflows

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-04-25

Some vulnerabilities have been reported in BrightStor ARCserve Backup,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/24972/

 --

[SA25003] NeatUpload Response Handling Race Condition Information
Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-04-23

A security issue has been reported in NeatUpload, which can be
exploited by malicious people to gain knowledge of potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/25003/

 --

[SA25029] HP StorageWorks Command View Advanced Edition for XP
Unauthorized User Account Access

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2007-04-25

A vulnerability has been reported in HP StorageWorks Command View
Advanced Edition for XP, which potentially can be exploited by
malicious, local users to gain access to other users' accounts.

Full Advisory:
http://secunia.com/advisories/25029/

 --

[SA24986] ZoneAlarm Products SRESCAN.SYS IOCTL Handler Privilege
Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-04-23

Some vulnerabilities have been reported in ZoneAlarm products, which
can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/24986/


UNIX/Linux:--

[SA25022] Gentoo update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2007-04-25

Gentoo has issued an update for clamav. This fixes two vulnerabilities,
where one has an unknown impact, while the other one can be exploited by
malicious people to cause a DoS (Denial of Service) or compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/25022/

 --

[SA25011] Apple QuickTime Java Handling Unspecified Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-24

A vulnerability has been reported in Apple QuickTime, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25011/

 --

[SA25001] Gentoo update for 3proxy

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-23

Gentoo has issued an update for 3proxy. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/25001/

 --

[SA24996] Trustix update for freetype and clamav

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, DoS, System access
Released:    2007-04-23

Trustix has issued an update for freetype and clamav. This fixes some
vulnerabilities, where one has unknown impacts, and others can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24996/

 --

[SA24995] SUSE Update for Multiple Packages

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Privilege
escalation, DoS, System access
Released:    2007-04-23

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
manipulate data, cause a DoS (Denial of Service), and gain escalated
privileges, and by malicious people to manipulate data, conduct
cross-site scripting attacks, cause a DoS, and compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/24995/

 --

[SA24992] Pagode "asolute" Command Injection and Directory Traversal

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-04-24

Some vulnerabilities have been discovered in Pagode, which can be
exploited by malicious people to compromise a vulnerable system or to
disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/24992/

 --

[SA24968] Maran PHP Forum "name" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-23

Dj7xpl has discovered a vulnerability in Maran PHP Forum, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24968/

 --

[SA24966] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information, Privilege escalation, DoS, System access
Released:    2007-04-20

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/24966/

 --

[SA24963] Gentoo courier-imap "XMAILDIR" Variable Command Injection

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-04-23

Gentoo has acknowledged a vulnerability in courier-imap, which
potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/24963/

 --

[SA25027] SUSE update for opera

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting
Released:    2007-04-25

SUSE has issued an update for opera. This fixes two vulnerabilities,
where one has unknown impacts and the other one can be exploited by
malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/25027/

 --

[SA24991] Gentoo update for blender

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-04-24

Gentoo has issued an update for blender. This fixes a vulnerability,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/24991/

 --

[SA24990] HP-UX sendmail Unspecified Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-24

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24990/

 --

[SA24982] Debian update for aircrack-ng

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-04-25

Debian has issued an update for aircrack-ng. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/24982/

 --

[SA24978] OpenBSD IPv6 Type 0 Route Headers Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-24

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24978/

 --

[SA24970] Avaya Products Wireshark Multiple Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-25

Avaya has acknowledged some vulnerabilities in various Avaya products,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/24970/

 --

[SA24967] MyBB "day" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-04-24

0x86 has discovered a vulnerability in MyBB, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/24967/

 --

[SA24964] Gentoo update for aircrack-ng

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-04-23

Gentoo has issued an update for aircrack-ng. This fixes a
vulnerability, which can be exploited by malicious people to compromise
a user's system.

Full Advisory:
http://secunia.com/advisories/24964/

 --

[SA24987] Avaya CMS / IR Sun Solaris IP Packet Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-04-23

Avaya has acknowledged a vulnerability in Avaya CMS / IR, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24987/

 --

[SA24974] Debian update for webcalendar

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-23

Debian has issued an update for webcalendar. This fixes a
vulnerability, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24974/

 --

[SA24965] Red Hat update for php

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-04-20

Red Hat has issued an update for php. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/24965/

 --

[SA24989] rPath update for postgresql and postgresql-server

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation
Released:    2007-04-24

rPath has issued an update for postgresql and postgresql-server. This
fixes a security issue, which potentially can be exploited by malicious
users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/24989/

 --

[SA24980] Gentoo update for nas

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2007-04-24

Gentoo has issued an update for nas. This fixes some vulnerabilities,
which can be exploited by malicious, local users to gain escalated
privileges or by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/24980/

 --

[SA25004] SUSE update for XFree86 and Xorg

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2007-04-24

SUSE has issued an update for XFree86 and Xorg. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
disclose sensitive information, cause a DoS (Denial of Service), and
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/25004/

 --

[SA24979] Mandriva update for krb5

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-04-23

Mandriva has issued an update for krb5. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/24979/

 --

[SA24975] Sun Solaris libX11 Integer Overflow Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-04-25

Sun has acknowledged a vulnerability in Solaris, which can be exploited
by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/24975/

 --

[SA24985] Sun Cluster Software Denial of Service Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-04-25

A vulnerability has been reported in Sun Cluster, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/24985/

 --

[SA24976] Linux Kernel "L2CAP" and "HCI" Information Disclosure

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2007-04-25

Two weaknesses have been reported in the Linux Kernel, which can be
exploited by malicious, local users to disclose potential sensitive
information.

Full Advisory:
http://secunia.com/advisories/24976/


Other:--

[SA24962] Nortel VPN Router Default User Accounts and Missing
Authentication Checks

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2007-04-20

A vulnerability and a security issue have been reported in Nortel VPN
Routers, which can be exploited by malicious people to bypass certain
security restrictions or manipulate certain data.

Full Advisory:
http://secunia.com/advisories/24962/

 --

[SA25031] Linksys SPA941 SIP Message Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-04-25

Radu State has reported a vulnerability in the Linksys SPA941 VoIP
Phone, which can be exploited by malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/25031/


Cross Platform:--

[SA25015] wavewoo "path_include" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-04-25

kezzap66345 has reported a vulnerability in wavewoo, which can be
exploited by malicious people to disclose sensitive information or
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/25015/

 --

[SA24983] ACVSWS "CheminInclude" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-04-24

MoHaNdKo has reported a vulnerability in ACVSWS, which can be exploited
by malicious people to compromise a vulnerable system or to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/24983/

 --

[SA24977] Asterisk T.38 SDP Buffer Overflows and Management Interface
Denial of Service

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-04-25

Some vulnerabilities have been reported in Asterisk, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service)
or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24977/

 --

[SA24971] Post Revolution "dir" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-04-24

InyeXion has discovered some vulnerabilities in Post Revolution, which
can be exploited by malicious people to compromise a vulnerable system
or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/24971/

 --

[SA24969] HP Oracle for OpenView Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting,
Manipulation of data, Exposure of sensitive information, Privilege
escalation, DoS, System access
Released:    2007-04-20

HP has acknowledged some vulnerabilities in HP OfO (Oracle for
Openview). Some of these vulnerabilities have unknown impacts, while
others can be exploited to bypass certain security restrictions, gain
knowledge of sensitive information, gain escalated privileges, cause a
DoS (Denial of Service), conduct cross-site scripting and SQL injection
attacks, or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/24969/

 --

[SA25018] Yate Unspecified SIP Protocol Handling Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-04-24

A vulnerability has been reported in Yate, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25018/

 --

[SA25010] EsForum "idsalon" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-04-24

ilker Kandemir has reported a vulnerability in EsForum, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/25010/

 --

[SA24997] Big Blue Guestbook "comments" Script Insertion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-24

seko has discovered a vulnerability in Big Blue Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24997/

 --

[SA24984] Ripe Website Manager SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2007-04-25

John Martinelli has reported two vulnerabilities in Ripe Website
Manager, which can be exploited by malicious people to conduct SQL
injection attacks and cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24984/

 --

[SA25002] CA CleverPath Portal SQL Injection Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-04-26

Irene Abezgauz has reported a vulnerability in CA CleverPath Portal,
which can be exploited by malicious users to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/25002/

 --

[SA25000] Lunascape RSS Feed Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-25

A vulnerability has been reported in Lunascape, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/25000/

 --

[SA24998] TJSChat "user" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-04-24

the_Edit0r has discovered a vulnerability in TJSChat, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/24998/

 --

[SA25019] PostgreSQL SECURITY DEFINER Functions Privilege Escalation

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation
Released:    2007-04-24

A security issue has been reported in PostgreSQL, which potentially can
be exploited by malicious users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/25019/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Fri Apr 27 2007 - 01:57:08 PDT