======================================================================== The Secunia Weekly Advisory Summary 2007-05-17 - 2007-05-24 This week: 67 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. ======================================================================== 2) This Week in Brief: A vulnerability in Notepad++ was found this month, capable of executing arbitrary code on vulnerable systems. The software flaw is due to a boundary error in a third party library used by Notepad++. An attacker could exploit this vulnerability by creating a specially crafted Ruby source file (with the .rb extension), which could cause a stack-based buffer overflow. This vulnerability is rated by Secunia as highly critical because an attacker could use this flaw to gain access to a vulnerable system. An update has been released for this vulnerability, and users are encouraged to patch their systems. For more information: http://secunia.com/advisories/25245/ -- Six vulnerabilities were disclosed in Samba, which could be exploited by malicious users to perform certain actions with escalated privileges and to compromise a vulnerable system, and by malicious people to compromise a vulnerable system. One of these vulnerabilities is an error in smbd, another regarding input validation, while the rest are errors in the parsing of RPC requests. The vendor has released patches for the vulnerable Samba version. Secunia has rated this advisory as Moderately critical because of the exploitability of these vulnerabilities within a local network. For more information, please refer to: http://secunia.com/advisories/25232/ -- Some vulnerabilities were reported in Sun Java, which could be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. An attacker could create a specially crafted JPG or BMP image, which, when processed by the JDK, could allow the JVM to crash and potentially execute arbitrary code. Another error, with the BMP file parser tries to open local files ("/dev/tty") while parsing BMP images, could be exploited to cause a denial of service by e.g. tricking an application using the JDK to process a malicious BMP image. Successful exploitation of this vulnerability may require the JVM to be run on a Linux or UNIX-like operating system. The vendor has released patches to protect customers. For more information: http://secunia.com/advisories/25295/ -- Several vulnerabilities were reported in various Cisco products this week. A cross-site scripting vulnerability in Cisco CallManager could allow an attacker to execute code using the search form, which is not sanitised before being returned to the user. Another vulnerability due to Cisco products' use of a vulnerable Crypto library may allow malicious people to conduct denial-of- service attacks against vulnerable systems. And finally, several vulnerabilities in various Cisco products could be used to again launch denial-of-service attacks, due to errors in the way that they process certain SSL messages, such as "ClientHello". The vendor has patched these vulnerabilities, and solutions are available on the Cisco site. For more information: http://secunia.com/advisories/25377/ http://secunia.com/advisories/25364/ http://secunia.com/advisories/25361/ -- Norton Personal Firewall was found to have a vulnerability in an ActiveX control used by the software. A boundary error when handling "Set()" and "Get()" methods were found to be exploitable, and could cause stack-based buffer overflows by passing overly long arguments. Successful exploitation allows an attacker to execute arbitrary code on the vulnerable system. Patches have been released and available via automatic updates. For more information: http://secunia.com/advisories/25290/ -- A vulnerability has been discovered in Opera, which can be exploited by malicious people to compromise a user's system. The vulnerability is due to an error in handling certain keys in torrent files. When a user right-clicks a malicious torrent entry in the transfer manager, the error causes a stack-based buffer overflow, thus allowing an attacker to execute arbitrary code. Opera has released a new version to eliminate this vulnerability. For more information: http://secunia.com/advisories/25278/ Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is missing this update: http://secunia.com/software_inspector/ -- VIRUS ALERTS: During the past week Secunia collected 175 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA25278] Opera Torrent File Handling Buffer Overflow Vulnerability 2. [SA23769] Internet Explorer Multiple Vulnerabilities 3. [SA25290] Norton Personal Firewall ISAlertDataCOM ActiveX Control Buffer Overflow 4. [SA25291] Adobe Version Cue Installation Disables Firewall Security Issue 5. [SA24535] Internet Explorer 7 navcancl.htm Cross-Site Scripting Vulnerability 6. [SA25310] WordPress Redoable Theme "s" Cross-Site Scripting 7. [SA25295] Sun JDK ICC and BMP Parser Vulnerabilities 8. [SA25328] @Mail "util.php" Cross-Site Request Forgery 9. [SA25323] Globus Toolkit Nexus Unspecified Denial of Service Vulnerability 10. [SA25325] Magic ISO Maker CUE File Parsing Memory Corruption Vulnerability ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA25376] LEADTOOLS LEAD Thumbnail Browser Control ActiveX Control Buffer Overflow [SA25357] KSignSWAT AxKSignSWAT Module ActiveX Control Buffer Overflow [SA25351] ImagN' for Windows IMW32040.OCX ActiveX Control Buffer Overflows [SA25349] LEADTOOLS LEAD ISIS Control ActiveX Control Buffer Overflow [SA25331] LEADTOOLS LEAD Raster Thumbnail Object Library ActiveX Control Buffer Overflow [SA25330] VImpX ActiveX Control Buffer Overflow Vulnerability [SA25375] NOD32 Antivirus Two Buffer Overflow Vulnerabilities [SA25348] Vizayn Urun Tanitim Sitesi "id" SQL Injection [SA25347] Gazi Download Portal "id" SQL Injection [SA25327] Scintilla LexRuby.cxx Ruby Source File Buffer Overflow Vulnerability [SA25325] Magic ISO Maker CUE File Parsing Memory Corruption Vulnerability [SA25370] CandyPress Store Cross-Site Scripting Vulnerabilities [SA25338] Advance-Flow Unspecified Cross-Site Scripting Vulnerability [SA25326] RM EasyMail Plus "d" Cross-Site Scripting and Script Insertion [SA25314] VP-ASP Shopping Cart "type" Cross-Site Scripting Vulnerability [SA25371] Citrix Products Session Reliability Service Security Bypass UNIX/Linux: [SA25372] Ubuntu update for php [SA25319] OPeNDAP BES Software File Enumeration and Command Execution Vulnerabilities [SA25388] HP-UX update for Kerberos [SA25386] rPath update for freetype [SA25367] Ubuntu update for vim [SA25359] Mandriva update for gimp [SA25352] BlockHosts "hosts.allow" Denial of Service [SA25346] Red Hat update for gimp [SA25339] MadWifi Multiple Denial of Service Vulnerabilities [SA25332] ircd-ratbox Unspecified Denial of Service Vulnerability [SA25323] Globus Toolkit Nexus Unspecified Denial of Service Vulnerability [SA25322] Red Hat update for ipsec-tools [SA25318] Debian update for php5 [SA25393] FreeBSD update for file [SA25389] rPath update for mysql [SA25368] rdiffWeb "path" Directory Traversal Vulnerability [SA25365] Debian update for php4 [SA25329] Red Hat update for libpng [SA25320] Red Hat update for squirrelmail [SA25317] LibTMCG Missing Range Check Security Issue [SA25316] Gentoo update for mod_security [SA25315] Amavis Zoo Denial of Service Vulnerability [SA25373] Solaris 10 Net-snmp Stream-based Protocol Denial of Service [SA25334] Avaya Products PostgreSQL SECURITY DEFINER Privilege Escalation [SA25321] Red Hat update for vixie-cron Other: [SA25361] Cisco IOS SSL Messages Denial of Service Vulnerabilities [SA25377] Cisco CallManager Cross-Site Scripting Vulnerability [SA25344] Packeteer PacketShaper TCP ISN Generation Weakness Cross Platform: [SA25366] SunLight CMS "root" File Inclusion Vulnerability [SA25356] ol'bookmarks Multiple Vulnerabilities [SA25342] Libstats "rInfo[content]" File Inclusion Vulnerability [SA25369] Group-Office message.php and messages.php E-Mail Security Bypass [SA25364] Cisco Products Crypto Library Denial of Service [SA25363] HT Editor Display Width Buffer Overflow Vulnerability [SA25358] TutorialCMS Login Security Bypass [SA25355] WebGUI "dataform.pm" Security Bypass [SA25350] FreeType TTF Font Parsing Vulnerability [SA25345] WordPress "admin-ajax.php" SQL Injection [SA25343] RSA BSAFE Unspecified Denial of Service Vulnerability [SA25341] MolyX Board "lang" Local File Inclusion [SA25337] AlstraSoft Live Support managesettings.php Information Disclosure [SA25387] PsychoStats URL Cross-Site Scripting Vulnerabilities [SA25382] BtitTracker "account_change.php" SQL Injection [SA25378] PHP "gdPngReadData()" Truncated PNG Data Denial of Service [SA25362] GD Graphics Library Truncated PNG Data Denial of Service [SA25360] KnowledgeTree Open Source Security Bypass [SA25340] HLstats "hlstats.php" Cross-Site Scripting Vulnerabilities [SA25335] WordPress AdSense-Deluxe Plugin Cross-Site Request Forgery [SA25333] Gnatsweb "database" Cross-Site Scripting [SA25328] @Mail "util.php" Cross-Site Request Forgery [SA25324] GaliX Multiple Cross-Site Scripting Vulnerabilities ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA25376] LEADTOOLS LEAD Thumbnail Browser Control ActiveX Control Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2007-05-21 shinnai has discovered a vulnerability in LEADTOOLS LEAD Thumbnail Browser Control ActiveX control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25376/ -- [SA25357] KSignSWAT AxKSignSWAT Module ActiveX Control Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2007-05-22 KIM, KEE HONG has reported a vulnerability in KSignSWAT, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25357/ -- [SA25351] ImagN' for Windows IMW32040.OCX ActiveX Control Buffer Overflows Critical: Highly critical Where: From remote Impact: System access Released: 2007-05-22 rgod has discovered some vulnerabilities in ImagN' for Windows, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25351/ -- [SA25349] LEADTOOLS LEAD ISIS Control ActiveX Control Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2007-05-22 shinnai has discovered a vulnerability in LEADTOOLS LEAD ISIS Control ActiveX control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25349/ -- [SA25331] LEADTOOLS LEAD Raster Thumbnail Object Library ActiveX Control Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2007-05-21 shinnai has discovered a vulnerability in LEADTOOLS LEAD Raster Thumbnail Object Library ActiveX control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25331/ -- [SA25330] VImpX ActiveX Control Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-05-18 rgod has discovered a vulnerability in VImpX, which can be exploited by malicious people to compromise a users' system. Full Advisory: http://secunia.com/advisories/25330/ -- [SA25375] NOD32 Antivirus Two Buffer Overflow Vulnerabilities Critical: Moderately critical Where: From remote Impact: Privilege escalation, System access Released: 2007-05-23 Ismael Briones has reported two vulnerabilities in Nod32 Antivirus, which potentially can be exploited by malicious users to gain escalated privileges, or by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25375/ -- [SA25348] Vizayn Urun Tanitim Sitesi "id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2007-05-21 ertuqrul has reported a vulnerability in Vizayn Urun Tanitim Sitesi, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/25348/ -- [SA25347] Gazi Download Portal "id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2007-05-21 ertuqrul has reported a vulnerability in Gazi Download Portal, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/25347/ -- [SA25327] Scintilla LexRuby.cxx Ruby Source File Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2007-05-18 A vulnerability has been reported in Scintilla, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25327/ -- [SA25325] Magic ISO Maker CUE File Parsing Memory Corruption Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2007-05-18 n00b has discovered a vulnerability in Magic ISO Maker, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25325/ -- [SA25370] CandyPress Store Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-21 r0t has reported some vulnerabilities in CandyPress Store, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25370/ -- [SA25338] Advance-Flow Unspecified Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-21 A vulnerability has been reported in Advance-Flow, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25338/ -- [SA25326] RM EasyMail Plus "d" Cross-Site Scripting and Script Insertion Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-21 John Martinelli has reported some vulnerabilities in RM EasyMail Plus, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks. Full Advisory: http://secunia.com/advisories/25326/ -- [SA25314] VP-ASP Shopping Cart "type" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-18 John Martinelli has reported a vulnerability in VP-ASP Shopping Cart, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25314/ -- [SA25371] Citrix Products Session Reliability Service Security Bypass Critical: Less critical Where: From local network Impact: Security Bypass Released: 2007-05-23 Andrew Christensen has reported a security issue in various Citrix products, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/25371/ UNIX/Linux:-- [SA25372] Ubuntu update for php Critical: Highly critical Where: From remote Impact: Unknown, Security Bypass, System access Released: 2007-05-23 Ubuntu has issued an update for php. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious users to bypass certain security restrictions and potentially by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25372/ -- [SA25319] OPeNDAP BES Software File Enumeration and Command Execution Vulnerabilities Critical: Highly critical Where: From remote Impact: Exposure of system information, System access Released: 2007-05-21 Two vulnerabilities have been reported in OPeNDAP BES Software, which potentially can be exploited by malicious people to gain knowledge of system information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25319/ -- [SA25388] HP-UX update for Kerberos Critical: Moderately critical Where: From remote Impact: System access Released: 2007-05-23 HP has issued an update for HP-UX. This fixes a vulnerability, which can potentially be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25388/ -- [SA25386] rPath update for freetype Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2007-05-24 rPath has issued an update for freetype. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/25386/ -- [SA25367] Ubuntu update for vim Critical: Moderately critical Where: From remote Impact: System access Released: 2007-05-23 Ubuntu has issued an update for vim. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25367/ -- [SA25359] Mandriva update for gimp Critical: Moderately critical Where: From remote Impact: System access Released: 2007-05-23 Mandriva has issued an update for gimp. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25359/ -- [SA25352] BlockHosts "hosts.allow" Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-22 A vulnerability has been reported in BlockHosts, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25352/ -- [SA25346] Red Hat update for gimp Critical: Moderately critical Where: From remote Impact: System access Released: 2007-05-21 Red Hat has issued an update for gimp. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25346/ -- [SA25339] MadWifi Multiple Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-23 Some vulnerabilities have been reported in MadWifi, which can be exploited by malicious, local users and malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25339/ -- [SA25332] ircd-ratbox Unspecified Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-21 A vulnerability has been reported in ircd-ratbox, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25332/ -- [SA25323] Globus Toolkit Nexus Unspecified Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-18 A vulnerability has been reported in Globus Toolkit, which potentially can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25323/ -- [SA25322] Red Hat update for ipsec-tools Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-18 Red Hat has issued an update for ipsec-tools. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25322/ -- [SA25318] Debian update for php5 Critical: Moderately critical Where: From remote Impact: Security Bypass, System access Released: 2007-05-21 Debian has issued an update for php5. This fixes some vulnerabilities, which can be exploited by malicious users to bypass certain security restrictions or by malicious people to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25318/ -- [SA25393] FreeBSD update for file Critical: Less critical Where: From remote Impact: System access, DoS Released: 2007-05-24 FreeBSD has issued an update for file. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25393/ -- [SA25389] rPath update for mysql Critical: Less critical Where: From remote Impact: DoS Released: 2007-05-24 rPath has issued an update for mysql, mysql-bench, and mysql-server. This fixes two vulnerabilities, which can be exploited by malicious people and malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25389/ -- [SA25368] rdiffWeb "path" Directory Traversal Vulnerability Critical: Less critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2007-05-22 Jesus Roncero has reported a vulnerability in rdiffWeb, which can be exploited by malicious users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/25368/ -- [SA25365] Debian update for php4 Critical: Less critical Where: From remote Impact: Security Bypass Released: 2007-05-22 Debian has issued an update for php4. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/25365/ -- [SA25329] Red Hat update for libpng Critical: Less critical Where: From remote Impact: DoS Released: 2007-05-18 Red Hat has issued an update for libpng. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25329/ -- [SA25320] Red Hat update for squirrelmail Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-18 Red Hat has issued an update for squirrelmail. This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/25320/ -- [SA25317] LibTMCG Missing Range Check Security Issue Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2007-05-18 A security issue has been reported in LibTMCG, which can be exploited by malicious people to potentially disclose sensitive information. Full Advisory: http://secunia.com/advisories/25317/ -- [SA25316] Gentoo update for mod_security Critical: Less critical Where: From remote Impact: Security Bypass Released: 2007-05-18 Gentoo has issued an update for mod_security. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/25316/ -- [SA25315] Amavis Zoo Denial of Service Vulnerability Critical: Less critical Where: From remote Impact: DoS Released: 2007-05-18 A vulnerability has been reported in Amavis, which can potentially be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25315/ -- [SA25373] Solaris 10 Net-snmp Stream-based Protocol Denial of Service Critical: Less critical Where: From local network Impact: DoS Released: 2007-05-21 Sun has acknowledged a vulnerability in Solaris 10, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25373/ -- [SA25334] Avaya Products PostgreSQL SECURITY DEFINER Privilege Escalation Critical: Less critical Where: From local network Impact: Privilege escalation Released: 2007-05-18 Avaya has acknowledged a security issue in various Avaya products, which potentially can be exploited by malicious users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/25334/ -- [SA25321] Red Hat update for vixie-cron Critical: Not critical Where: Local system Impact: DoS Released: 2007-05-18 Red Hat has issued an update for vixie-cron. This fixes a vulnerability, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25321/ Other:-- [SA25361] Cisco IOS SSL Messages Denial of Service Vulnerabilities Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-23 Some vulnerabilities have been reported in Cisco IOS, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25361/ -- [SA25377] Cisco CallManager Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-23 Marc Ruef and Stefan Friedli have reported a vulnerability in Cisco CallManager, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25377/ -- [SA25344] Packeteer PacketShaper TCP ISN Generation Weakness Critical: Not critical Where: From local network Impact: Spoofing Released: 2007-05-21 nnposter has reported a weakness in Packeteer PacketShaper, which can be exploited by malicious people to spoof TCP connections. Full Advisory: http://secunia.com/advisories/25344/ Cross Platform:-- [SA25366] SunLight CMS "root" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2007-05-21 Cyber-Security has reported some vulnerabilities in SunLight CMS, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25366/ -- [SA25356] ol'bookmarks Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Manipulation of data, Exposure of system information, Exposure of sensitive information, System access Released: 2007-05-22 Some vulnerabilities have been discovered in ol'bookmarks, which can be exploited by malicious people to disclose sensitive information, to compromise a vulnerable system, or to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/25356/ -- [SA25342] Libstats "rInfo[content]" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2007-05-21 Cyber-Security has discovered a vulnerability in Libstats, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/25342/ -- [SA25369] Group-Office message.php and messages.php E-Mail Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2007-05-22 A vulnerability has been reported in Group-Office, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/25369/ -- [SA25364] Cisco Products Crypto Library Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-23 A vulnerability has been reported in various Cisco products, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25364/ -- [SA25363] HT Editor Display Width Buffer Overflow Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2007-05-22 A vulnerability has been reported in HT Editor, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/25363/ -- [SA25358] TutorialCMS Login Security Bypass Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2007-05-22 Silentz has discovered a vulnerability in TutorialCMS, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/25358/ -- [SA25355] WebGUI "dataform.pm" Security Bypass Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, Security Bypass Released: 2007-05-24 misja has reported a vulnerability in WebGUI, which can be exploited by malicious users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/25355/ -- [SA25350] FreeType TTF Font Parsing Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2007-05-22 Victor Stinner has reported a vulnerability in FreeType, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/25350/ -- [SA25345] WordPress "admin-ajax.php" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2007-05-21 Janek Vind has discovered a vulnerability in WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/25345/ -- [SA25343] RSA BSAFE Unspecified Denial of Service Vulnerability Critical: Moderately critical Where: From remote Impact: DoS Released: 2007-05-22 A vulnerability has been reported in RSA BSAFE, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25343/ -- [SA25341] MolyX Board "lang" Local File Inclusion Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2007-05-22 MurderSkillz has discovered a vulnerability in MolyX Board, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/25341/ -- [SA25337] AlstraSoft Live Support managesettings.php Information Disclosure Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2007-05-23 BlackHawk has reported a vulnerability in AlstraSoft Live Support, which can be exploited by malicious people to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/25337/ -- [SA25387] PsychoStats URL Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-23 John Martinelli has discovered some vulnerabilities in PsychoStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25387/ -- [SA25382] BtitTracker "account_change.php" SQL Injection Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2007-05-23 m@ge|ozz has discovered two vulnerabilities in BtitTracker, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/25382/ -- [SA25378] PHP "gdPngReadData()" Truncated PNG Data Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2007-05-22 Xavier Roche has reported a vulnerability in PHP, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25378/ -- [SA25362] GD Graphics Library Truncated PNG Data Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2007-05-22 Xavier Roche has reported a vulnerability in GD Graphics Library, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/25362/ -- [SA25360] KnowledgeTree Open Source Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2007-05-23 A vulnerability has been reported in KnowledgeTree Open Source, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/25360/ -- [SA25340] HLstats "hlstats.php" Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-21 John Martinelli has reported some vulnerabilities in HLstats, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25340/ -- [SA25335] WordPress AdSense-Deluxe Plugin Cross-Site Request Forgery Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-22 David Kierznowski has reported a vulnerability in the AdSense-Deluxe plugin for WordPress, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/25335/ -- [SA25333] Gnatsweb "database" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-21 r0t has discovered a vulnerability in Gnatsweb, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25333/ -- [SA25328] @Mail "util.php" Cross-Site Request Forgery Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-18 A vulnerability has been reported in @Mail, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/25328/ -- [SA25324] GaliX Multiple Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2007-05-21 John Martinelli has discovered some vulnerabilities in GaliX, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/25324/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu May 24 2007 - 22:36:15 PDT