[ISN] Secunia Weekly Summary - Issue: 2007-21

From: InfoSec News (alerts@private)
Date: Thu May 24 2007 - 22:25:28 PDT


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2007-05-17 - 2007-05-24                        

                       This week: 67 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Try a new way to discover vulnerabilities that ALREADY EXIST in your
IT infrastructure.

The Full Featured Secunia Network Software Inspector (NSI) is now
available: http://secunia.com/network_software_inspector/

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT
vulnerabilities in more than 4,000 different Windows applications.

========================================================================
2) This Week in Brief:

A vulnerability in Notepad++ was found this month, capable of executing
arbitrary code on vulnerable systems. The software flaw is due to a
boundary error in a third party library used by Notepad++.

An attacker could exploit this vulnerability by creating a specially
crafted Ruby source file (with the .rb extension), which could cause a
stack-based buffer overflow.

This vulnerability is rated by Secunia as highly critical because an
attacker could use this flaw to gain access to a vulnerable system.
An update has been released for this vulnerability, and users are
encouraged to patch their systems.

For more information:
http://secunia.com/advisories/25245/

 --

Six vulnerabilities were disclosed in Samba, which could be
exploited by malicious users to perform certain actions with escalated
privileges and to compromise a vulnerable system, and by malicious
people to compromise a vulnerable system.

One of these vulnerabilities is an error in smbd, another regarding
input validation, while the rest are errors in the parsing of RPC
requests. The vendor has released patches for the vulnerable Samba
version. Secunia has rated this advisory as Moderately critical
because of the exploitability of these vulnerabilities within a local
network.

For more information, please refer to:
http://secunia.com/advisories/25232/

 --

Some vulnerabilities were reported in Sun Java, which could be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.

An attacker could create a specially crafted JPG or BMP image, which,
when processed by the JDK, could allow the JVM to crash and
potentially execute arbitrary code.

Another error, with the BMP file parser tries to open local files
("/dev/tty") while parsing BMP images, could be exploited to cause
a denial of service by e.g. tricking an application using the JDK to
process a malicious BMP image.

Successful exploitation of this vulnerability may require the JVM to
be run on a Linux or UNIX-like operating system.

The vendor has released patches to protect customers.

For more information:
http://secunia.com/advisories/25295/

 --

Several vulnerabilities were reported in various Cisco products this
week.

A cross-site scripting vulnerability in Cisco CallManager could allow
an attacker to execute code using the search form, which is not
sanitised before being returned to the user.

Another vulnerability due to Cisco products' use of a vulnerable
Crypto library may allow malicious people to conduct denial-of-
service attacks against vulnerable systems.

And finally, several vulnerabilities in various Cisco products could
be used to again launch denial-of-service attacks, due to errors in
the way that they process certain SSL messages, such as
"ClientHello".

The vendor has patched these vulnerabilities, and solutions are
available on the Cisco site.

For more information:
http://secunia.com/advisories/25377/
http://secunia.com/advisories/25364/
http://secunia.com/advisories/25361/

 --

Norton Personal Firewall was found to have a vulnerability in an
ActiveX control used by the software. A boundary error when handling
"Set()" and "Get()" methods were found to be exploitable, and
could cause stack-based buffer overflows by passing overly long
arguments.

Successful exploitation allows an attacker to execute arbitrary code
on the vulnerable system. Patches have been released and available
via automatic updates.

For more information:
http://secunia.com/advisories/25290/

 --

A vulnerability has been discovered in Opera, which can be exploited
by malicious people to compromise a user's system. The vulnerability
is due to an error in handling certain keys in torrent files. When a
user right-clicks a malicious torrent entry in the transfer manager,
the error causes a stack-based buffer overflow, thus allowing an
attacker to execute arbitrary code.

Opera has released a new version to eliminate this vulnerability.
 
For more information:
http://secunia.com/advisories/25278/

Secunia has constructed the Secunia Software Inspector, which you can
use to check if your system is missing this update:
http://secunia.com/software_inspector/

 --

VIRUS ALERTS:

During the past week Secunia collected 175 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA25278] Opera Torrent File Handling Buffer Overflow Vulnerability
2.  [SA23769] Internet Explorer Multiple Vulnerabilities
3.  [SA25290] Norton Personal Firewall ISAlertDataCOM ActiveX Control
              Buffer Overflow
4.  [SA25291] Adobe Version Cue Installation Disables Firewall Security
              Issue
5.  [SA24535] Internet Explorer 7 navcancl.htm Cross-Site Scripting
              Vulnerability
6.  [SA25310] WordPress Redoable Theme "s" Cross-Site Scripting
7.  [SA25295] Sun JDK ICC and BMP Parser Vulnerabilities
8.  [SA25328] @Mail "util.php" Cross-Site Request Forgery
9.  [SA25323] Globus Toolkit Nexus Unspecified Denial of Service
              Vulnerability
10. [SA25325] Magic ISO Maker CUE File Parsing Memory Corruption
              Vulnerability

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA25376] LEADTOOLS LEAD Thumbnail Browser Control ActiveX Control
Buffer Overflow
[SA25357] KSignSWAT AxKSignSWAT Module ActiveX Control Buffer Overflow
[SA25351] ImagN' for Windows IMW32040.OCX ActiveX Control Buffer
Overflows
[SA25349] LEADTOOLS LEAD ISIS Control ActiveX Control Buffer Overflow
[SA25331] LEADTOOLS LEAD Raster Thumbnail Object Library ActiveX
Control Buffer Overflow
[SA25330] VImpX ActiveX Control Buffer Overflow Vulnerability
[SA25375] NOD32 Antivirus Two Buffer Overflow Vulnerabilities
[SA25348] Vizayn Urun Tanitim Sitesi "id" SQL Injection
[SA25347] Gazi Download Portal "id" SQL Injection
[SA25327] Scintilla LexRuby.cxx Ruby Source File Buffer Overflow
Vulnerability
[SA25325] Magic ISO Maker CUE File Parsing Memory Corruption
Vulnerability
[SA25370] CandyPress Store Cross-Site Scripting Vulnerabilities
[SA25338] Advance-Flow Unspecified Cross-Site Scripting Vulnerability
[SA25326] RM EasyMail Plus "d" Cross-Site Scripting and Script
Insertion
[SA25314] VP-ASP Shopping Cart "type" Cross-Site Scripting
Vulnerability
[SA25371] Citrix Products Session Reliability Service Security Bypass

UNIX/Linux:
[SA25372] Ubuntu update for php
[SA25319] OPeNDAP BES Software File Enumeration and Command Execution
Vulnerabilities
[SA25388] HP-UX update for Kerberos
[SA25386] rPath update for freetype
[SA25367] Ubuntu update for vim
[SA25359] Mandriva update for gimp
[SA25352] BlockHosts "hosts.allow" Denial of Service
[SA25346] Red Hat update for gimp
[SA25339] MadWifi Multiple Denial of Service Vulnerabilities
[SA25332] ircd-ratbox Unspecified Denial of Service Vulnerability
[SA25323] Globus Toolkit Nexus Unspecified Denial of Service
Vulnerability
[SA25322] Red Hat update for ipsec-tools
[SA25318] Debian update for php5
[SA25393] FreeBSD update for file
[SA25389] rPath update for mysql
[SA25368] rdiffWeb "path" Directory Traversal Vulnerability
[SA25365] Debian update for php4
[SA25329] Red Hat update for libpng
[SA25320] Red Hat update for squirrelmail
[SA25317] LibTMCG Missing Range Check Security Issue
[SA25316] Gentoo update for mod_security
[SA25315] Amavis Zoo Denial of Service Vulnerability
[SA25373] Solaris 10 Net-snmp Stream-based Protocol Denial of Service
[SA25334] Avaya Products PostgreSQL SECURITY DEFINER Privilege
Escalation
[SA25321] Red Hat update for vixie-cron

Other:
[SA25361] Cisco IOS SSL Messages Denial of Service Vulnerabilities
[SA25377] Cisco CallManager Cross-Site Scripting Vulnerability
[SA25344] Packeteer PacketShaper TCP ISN Generation Weakness

Cross Platform:
[SA25366] SunLight CMS "root" File Inclusion Vulnerability
[SA25356] ol'bookmarks Multiple Vulnerabilities
[SA25342] Libstats "rInfo[content]" File Inclusion Vulnerability
[SA25369] Group-Office message.php and messages.php E-Mail Security
Bypass
[SA25364] Cisco Products Crypto Library Denial of Service
[SA25363] HT Editor Display Width Buffer Overflow Vulnerability
[SA25358] TutorialCMS Login Security Bypass
[SA25355] WebGUI "dataform.pm" Security Bypass
[SA25350] FreeType TTF Font Parsing Vulnerability
[SA25345] WordPress "admin-ajax.php" SQL Injection
[SA25343] RSA BSAFE Unspecified Denial of Service Vulnerability
[SA25341] MolyX Board "lang" Local File Inclusion
[SA25337] AlstraSoft Live Support managesettings.php Information
Disclosure
[SA25387] PsychoStats URL Cross-Site Scripting Vulnerabilities
[SA25382] BtitTracker "account_change.php" SQL Injection
[SA25378] PHP "gdPngReadData()" Truncated PNG Data Denial of Service
[SA25362] GD Graphics Library Truncated PNG Data Denial of Service
[SA25360] KnowledgeTree Open Source Security Bypass
[SA25340] HLstats "hlstats.php" Cross-Site Scripting Vulnerabilities
[SA25335] WordPress AdSense-Deluxe Plugin Cross-Site Request Forgery
[SA25333] Gnatsweb "database" Cross-Site Scripting
[SA25328] @Mail "util.php" Cross-Site Request Forgery
[SA25324] GaliX Multiple Cross-Site Scripting Vulnerabilities

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA25376] LEADTOOLS LEAD Thumbnail Browser Control ActiveX Control
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-05-21

shinnai has discovered a vulnerability in LEADTOOLS LEAD Thumbnail
Browser Control ActiveX control, which can be exploited by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25376/

 --

[SA25357] KSignSWAT AxKSignSWAT Module ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-05-22

KIM, KEE HONG has reported a vulnerability in KSignSWAT, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25357/

 --

[SA25351] ImagN' for Windows IMW32040.OCX ActiveX Control Buffer
Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-05-22

rgod has discovered some vulnerabilities in ImagN' for Windows, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25351/

 --

[SA25349] LEADTOOLS LEAD ISIS Control ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-05-22

shinnai has discovered a vulnerability in LEADTOOLS LEAD ISIS Control
ActiveX control, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25349/

 --

[SA25331] LEADTOOLS LEAD Raster Thumbnail Object Library ActiveX
Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-05-21

shinnai has discovered a vulnerability in LEADTOOLS LEAD Raster
Thumbnail Object Library ActiveX control, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25331/

 --

[SA25330] VImpX ActiveX Control Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-05-18

rgod has discovered a vulnerability in VImpX, which can be exploited by
malicious people to compromise a users' system.

Full Advisory:
http://secunia.com/advisories/25330/

 --

[SA25375] NOD32 Antivirus Two Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Privilege escalation, System access
Released:    2007-05-23

Ismael Briones has reported two vulnerabilities in Nod32 Antivirus,
which potentially can be exploited by malicious users to gain escalated
privileges, or by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/25375/

 --

[SA25348] Vizayn Urun Tanitim Sitesi "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-05-21

ertuqrul has reported a vulnerability in Vizayn Urun Tanitim Sitesi,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/25348/

 --

[SA25347] Gazi Download Portal "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-05-21

ertuqrul has reported a vulnerability in Gazi Download Portal, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/25347/

 --

[SA25327] Scintilla LexRuby.cxx Ruby Source File Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-05-18

A vulnerability has been reported in Scintilla, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25327/

 --

[SA25325] Magic ISO Maker CUE File Parsing Memory Corruption
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-05-18

n00b has discovered a vulnerability in Magic ISO Maker, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25325/

 --

[SA25370] CandyPress Store Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-21

r0t has reported some vulnerabilities in CandyPress Store, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/25370/

 --

[SA25338] Advance-Flow Unspecified Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-21

A vulnerability has been reported in Advance-Flow, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/25338/

 --

[SA25326] RM EasyMail Plus "d" Cross-Site Scripting and Script
Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-21

John Martinelli has reported some vulnerabilities in RM EasyMail Plus,
which can be exploited by malicious people to conduct cross-site
scripting and script insertion attacks.

Full Advisory:
http://secunia.com/advisories/25326/

 --

[SA25314] VP-ASP Shopping Cart "type" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-18

John Martinelli has reported a vulnerability in VP-ASP Shopping Cart,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/25314/

 --

[SA25371] Citrix Products Session Reliability Service Security Bypass

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass
Released:    2007-05-23

Andrew Christensen has reported a security issue in various Citrix
products, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/25371/


UNIX/Linux:--

[SA25372] Ubuntu update for php

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, System access
Released:    2007-05-23

Ubuntu has issued an update for php. This fixes some vulnerabilities,
where some have unknown impacts and others can be exploited by
malicious users to bypass certain security restrictions and potentially
by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/25372/

 --

[SA25319] OPeNDAP BES Software File Enumeration and Command Execution
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, System access
Released:    2007-05-21

Two vulnerabilities have been reported in OPeNDAP BES Software, which
potentially can be exploited by malicious people to gain knowledge of
system information or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/25319/

 --

[SA25388] HP-UX update for Kerberos

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-05-23

HP has issued an update for HP-UX. This fixes a vulnerability, which
can potentially be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/25388/

 --

[SA25386] rPath update for freetype

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-05-24

rPath has issued an update for freetype. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/25386/

 --

[SA25367] Ubuntu update for vim

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-05-23

Ubuntu has issued an update for vim. This fixes a vulnerability, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25367/

 --

[SA25359] Mandriva update for gimp

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-05-23

Mandriva has issued an update for gimp. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/25359/

 --

[SA25352] BlockHosts "hosts.allow" Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-22

A vulnerability has been reported in BlockHosts, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25352/

 --

[SA25346] Red Hat update for gimp

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-05-21

Red Hat has issued an update for gimp. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/25346/

 --

[SA25339] MadWifi Multiple Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-23

Some vulnerabilities have been reported in MadWifi, which can be
exploited by malicious, local users and malicious people to cause a DoS
(Denial of Service).

Full Advisory:
http://secunia.com/advisories/25339/

 --

[SA25332] ircd-ratbox Unspecified Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-21

A vulnerability has been reported in ircd-ratbox, which potentially can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25332/

 --

[SA25323] Globus Toolkit Nexus Unspecified Denial of Service
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-18

A vulnerability has been reported in Globus Toolkit, which potentially
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/25323/

 --

[SA25322] Red Hat update for ipsec-tools

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-18

Red Hat has issued an update for ipsec-tools. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25322/

 --

[SA25318] Debian update for php5

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2007-05-21

Debian has issued an update for php5. This fixes some vulnerabilities,
which can be exploited by malicious users to bypass certain security
restrictions or by malicious people to potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/25318/

 --

[SA25393] FreeBSD update for file

Critical:    Less critical
Where:       From remote
Impact:      System access, DoS
Released:    2007-05-24

FreeBSD has issued an update for file. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/25393/

 --

[SA25389] rPath update for mysql

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-05-24

rPath has issued an update for mysql, mysql-bench, and mysql-server.
This fixes two vulnerabilities, which can be exploited by malicious
people and malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25389/

 --

[SA25368] rdiffWeb "path" Directory Traversal Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2007-05-22

Jesus Roncero has reported a vulnerability in rdiffWeb, which can be
exploited by malicious users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/25368/

 --

[SA25365] Debian update for php4

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-05-22

Debian has issued an update for php4. This fixes a vulnerability, which
can be exploited by malicious users to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/25365/

 --

[SA25329] Red Hat update for libpng

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-05-18

Red Hat has issued an update for libpng. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25329/

 --

[SA25320] Red Hat update for squirrelmail

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-18

Red Hat has issued an update for squirrelmail. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/25320/

 --

[SA25317] LibTMCG Missing Range Check Security Issue

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-05-18

A security issue has been reported in LibTMCG, which can be exploited
by malicious people to potentially disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/25317/

 --

[SA25316] Gentoo update for mod_security

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-05-18

Gentoo has issued an update for mod_security. This fixes a
vulnerability, which can be exploited by malicious people to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/25316/

 --

[SA25315] Amavis Zoo Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-05-18

A vulnerability has been reported in Amavis, which can potentially be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25315/

 --

[SA25373] Solaris 10 Net-snmp Stream-based Protocol Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-05-21

Sun has acknowledged a vulnerability in Solaris 10, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25373/

 --

[SA25334] Avaya Products PostgreSQL SECURITY DEFINER Privilege
Escalation

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation
Released:    2007-05-18

Avaya has acknowledged a security issue in various Avaya products,
which potentially can be exploited by malicious users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/25334/

 --

[SA25321] Red Hat update for vixie-cron

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-05-18

Red Hat has issued an update for vixie-cron. This fixes a
vulnerability, which can be exploited by malicious, local users to
cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25321/


Other:--

[SA25361] Cisco IOS SSL Messages Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-23

Some vulnerabilities have been reported in Cisco IOS, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25361/

 --

[SA25377] Cisco CallManager Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-23

Marc Ruef and Stefan Friedli have reported a vulnerability in Cisco
CallManager, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/25377/

 --

[SA25344] Packeteer PacketShaper TCP ISN Generation Weakness

Critical:    Not critical
Where:       From local network
Impact:      Spoofing
Released:    2007-05-21

nnposter has reported a weakness in Packeteer PacketShaper, which can
be exploited by malicious people to spoof TCP connections.

Full Advisory:
http://secunia.com/advisories/25344/


Cross Platform:--

[SA25366] SunLight CMS "root" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-05-21

Cyber-Security has reported some vulnerabilities in SunLight CMS, which
can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/25366/

 --

[SA25356] ol'bookmarks Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Manipulation of data, Exposure of system information,
Exposure of sensitive information, System access
Released:    2007-05-22

Some vulnerabilities have been discovered in ol'bookmarks, which can be
exploited by malicious people to disclose sensitive information, to
compromise a vulnerable system, or to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/25356/

 --

[SA25342] Libstats "rInfo[content]" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2007-05-21

Cyber-Security has discovered a vulnerability in Libstats, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/25342/

 --

[SA25369] Group-Office message.php and messages.php E-Mail Security
Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-05-22

A vulnerability has been reported in Group-Office, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/25369/

 --

[SA25364] Cisco Products Crypto Library Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-23

A vulnerability has been reported in various Cisco products, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25364/

 --

[SA25363] HT Editor Display Width Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-05-22

A vulnerability has been reported in HT Editor, which potentially can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/25363/

 --

[SA25358] TutorialCMS Login Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-05-22

Silentz has discovered a vulnerability in TutorialCMS, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/25358/

 --

[SA25355] WebGUI "dataform.pm" Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Security Bypass
Released:    2007-05-24

misja has reported a vulnerability in WebGUI, which can be exploited by
malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/25355/

 --

[SA25350] FreeType TTF Font Parsing Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-05-22

Victor Stinner has reported a vulnerability in FreeType, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/25350/

 --

[SA25345] WordPress "admin-ajax.php" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-05-21

Janek Vind has discovered a vulnerability in WordPress, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/25345/

 --

[SA25343] RSA BSAFE Unspecified Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-05-22

A vulnerability has been reported in RSA BSAFE, which can be exploited
by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25343/

 --

[SA25341] MolyX Board "lang" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2007-05-22

MurderSkillz has discovered a vulnerability in MolyX Board, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/25341/

 --

[SA25337] AlstraSoft Live Support managesettings.php Information
Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-05-23

BlackHawk has reported a vulnerability in AlstraSoft Live Support,
which can be exploited by malicious people to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/25337/

 --

[SA25387] PsychoStats URL Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-23

John Martinelli has discovered some vulnerabilities in PsychoStats,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/25387/

 --

[SA25382] BtitTracker "account_change.php" SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-05-23

m@ge|ozz has discovered two vulnerabilities in BtitTracker, which can
be exploited by malicious users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/25382/

 --

[SA25378] PHP "gdPngReadData()" Truncated PNG Data Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-05-22

Xavier Roche has reported a vulnerability in PHP, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/25378/

 --

[SA25362] GD Graphics Library Truncated PNG Data Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-05-22

Xavier Roche has reported a vulnerability in GD Graphics Library, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/25362/

 --

[SA25360] KnowledgeTree Open Source Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-05-23

A vulnerability has been reported in KnowledgeTree Open Source, which
can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/25360/

 --

[SA25340] HLstats "hlstats.php" Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-21

John Martinelli has reported some vulnerabilities in HLstats, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/25340/

 --

[SA25335] WordPress AdSense-Deluxe Plugin Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-22

David Kierznowski has reported a vulnerability in the AdSense-Deluxe
plugin for WordPress, which can be exploited by malicious people to
conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/25335/

 --

[SA25333] Gnatsweb "database" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-21

r0t has discovered a vulnerability in Gnatsweb, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/25333/

 --

[SA25328] @Mail "util.php" Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-18

A vulnerability has been reported in @Mail, which can be exploited by
malicious people to conduct cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/25328/

 --

[SA25324] GaliX Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-05-21

John Martinelli has discovered some vulnerabilities in GaliX, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/25324/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, 
the world's premier technical event for ICT security 
experts. Featuring 30 hands-on training courses and 
90 Briefings presentations with lots of new content 
and new tools. Network with 4,000 delegates from 
70 nations.   Visit product displays by 30 top
sponsors in a relaxed setting. Rates increase on 
June 1 so register today. http://www.blackhat.com



This archive was generated by hypermail 2.1.3 : Thu May 24 2007 - 22:36:15 PDT