========================================================================

The Secunia Weekly Advisory Summary
2007-10-04 - 2007-10-11

This week: 106 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

2003: 2,700 advisories published
2004: 3,100 advisories published
2005: 4,600 advisories published
2006: 5,300 advisories published

How do you know which Secunia advisories are important to you?

The Secunia Vulnerability Intelligence Solutions allows you to filter
and structure all the information you need, so you can address issues
effectively.

Get a free trial of the Secunia Vulnerability Intelligence Solutions:
http://corporate.secunia.com/how_to_buy/38/vi/?ref=summary_sm

========================================================================
2) This Week in Brief:

Microsoft released six security bulletins this week, including an
extremely critical one for a vulnerability in Microsoft Word that
Microsoft reported as being actively exploited.

The vulnerability in Microsoft Word is caused by an unspecified error
in the handling of Word documents. It can be exploited to corrupt
memory when a user opens a specially crafted Office file, allowing an
attacker to execute arbitrary code.

Patches have been released for Microsoft Office 2000, 2004 for Mac,
and XP.

For more information, refer to:
http://secunia.com/advisories/27151/

Two vulnerabilities in Internet Explorer have also been reported,
including one that was discovered by Secunia Research. Patches have
been released for the affected versions.

A less critical spoofing vulnerability has been reported that can be
used to spoof the address bar. The vulnerability is caused by an
unspecified error and allows spoofed content to be displayed in the
browser window while the address bar and other parts of the trust UI
may reference a trusted site.

For more information, refer to:
http://secunia.com/advisories/27133/

Secunia Research also discovered a highly critical vulnerability caused
by an error in the file download queue handling when processing
multiple concurrent attempts to start a file download. This can be
exploited via a specially crafted web page to corrupt memory in a way
that results in the use of an already freed object. Successful
exploitation allows execution of arbitrary code.

For more information, refer to:
http://secunia.com/advisories/23469/

A highly critical vulnerability has been reported in Microsoft Windows,
which can be exploited by malicious people to compromise a user's
system. An unspecified error in the Kodak Image Viewer when processing
certain image files can be exploited to cause a memory corruption.
Successful exploitation allows execution of arbitrary code, for
example, when a user visits a specially crafted web page or opens a
specially crafted email.

Users should note that Windows XP and Windows Server 2003 are only
vulnerable if they have been upgraded from Windows 2000.

For more information, refer to:
http://secunia.com/advisories/27092/

A highly critical vulnerability in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system, has also
been reported. The vulnerability is caused by a boundary error in
inetcomm.dll when processing NNTP (Network News Transfer Protocol)
responses, which can be exploited to cause a heap-based buffer overflow
by returning more data than requested by the client. Successful
exploitation requires that a user is, for example, enticed into
visiting a malicious website, and may allow execution of arbitrary
code.

For more information, refer to:
http://secunia.com/advisories/27112/

A less critical vulnerability in Microsoft SharePoint Services and
Office SharePoint Server, which can be exploited by malicious people to
conduct cross-site scripting attacks, has also been resolved.

For more information, refer to:
http://secunia.com/advisories/27148/

Another less critical vulnerability in Microsoft Windows and Microsoft
Windows 2000, which can be exploited by malicious people to disclose
potentially sensitive information, has also been resolved.

For more information, refer to:
http://secunia.com/advisories/27134/
http://secunia.com/advisories/27153/

Secunia has constructed the Secunia Personal Software Inspector, which
you can use to check if your personal system is vulnerable:
https://psi.secunia.com/

Corporate users can request a trial of the Secunia Network Software
Inspector, which you can use to check which systems in your network
are vulnerable:
http://secunia.com/network_software_inspector/

--

Microsoft acknowledged a vulnerability in the way it handles URIs. The
issue, which was first reported as a Firefox vulnerability in July, was
eventually determined by Secunia Research to be a Windows problem.

The vulnerability is caused by an input validation error within the
handling of URIs with registered URI handlers (e.g. "mailto", "news",
"nntp", "snews", "telnet", and "http"). This can be exploited to
execute arbitrary commands when a user of certain applications visits
a malicious website or clicks on a link with a specially crafted URI
containing a "%" character and ending with a certain extension (e.g.
".bat" or ".cmd").

The following have been identified as being possible attack vectors on
Windows XP SP2 and Windows 2003 SP2 systems in which Internet Explorer
7 is installed:

* Firefox version 2.0.0.5 and Netscape Navigator version 9.0b2 (when
  opening a link or visiting a malicious website)
* mIRC version 6.3 (when opening a link)
* Adobe Reader/Acrobat version 8.1 and prior (when opening PDF files)
* Outlook Express 6 (e.g. when following specially crafted links in
  VCards)
* Outlook 2000 (e.g. when following specially crafted links in VCards)

Microsoft has released a security advisory for users to refer to while
they further investigate the problem.

For more information, refer to:
http://secunia.com/advisories/26201/

--

A vulnerability has been reported in OpenBSD, which can be exploited by
malicious people to cause a DoS (Denial of Service) or potentially
compromise a vulnerable system.

dhcpd improperly handles DHCP requests in the "cons_options()" function
in options.c, which can be exploited to cause a stack-based buffer
overflow by sending a specially crafted DHCP request specifying a
maximum message size between DHCP_FIXED_LEN and DHCP_FIXED_LEN + 3.
Successful exploitation may allow the execution of arbitrary code.

Users are urged to apply patches released by the OpenBSD team. Patches
are available for OpenBSD 4.0, 4.1, and 4.2.

For more information, refer to:
http://secunia.com/advisories/27160/

--

Two vulnerabilities previously discovered in Adobe Photoshop last April
were confirmed by Secunia Research to also be present in Adobe GoLive
and Adobe Illustrator. The vulnerabilities, which are caused by input
validation errors in the PNG.8BI and BMP.8BI format plugins, can be
exploited to cause heap-based buffer overflows.

In GoLive, this moderately critical vulnerability is exploitable by,
for example, dragging a specially crafted PNG or BMP file into the
HTML layout interface.
In Illustrator, this is exploitable, for example, by simply opening a
specially crafted PNG or BMP file, which is why Secunia rates the
vulnerability in Illustrator as highly critical. Exploiting these
vulnerabilities allows an attacker to execute arbitrary code.

Adobe has released fixes for the vulnerability in Adobe Illustrator.
Fixes for the vulnerability in Adobe GoLive are also available for
Windows users; Macintosh users are advised to perform the
vendor-recommended workarounds in the meantime.

For more information, refer to:
http://secunia.com/advisories/26846/
http://secunia.com/advisories/26864/

A vulnerability in Adobe Pagemaker was also disclosed this week. The
highly critical vulnerability, which is caused by a boundary error in
MAIPM6.DLL when handling font names in PageMaker (.PMD) files, can be
exploited to cause a stack-based buffer overflow by, for example,
opening a specially crafted .PMD file containing an overly long font
name. Successful exploitation allows execution of arbitrary code.

The vendor has also released updates for the affected software. All
Adobe Pagemaker 7.0.1 and 7.0.2 users are urged to apply the updates
as soon as possible.

--

VIRUS ALERTS:

During the past week Secunia collected 125 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA27009] Sun Java JRE Multiple Vulnerabilities
2.  [SA26201] Microsoft Windows URI Handling Command Execution Vulnerability
3.  [SA23469] Internet Explorer File Download Handling Memory Corruption
4.  [SA27151] Microsoft Word Unspecified Memory Corruption Vulnerability
5.  [SA21910] Internet Explorer Multiple Vulnerabilities
6.  [SA27084] OpenVMS Denial of Service Vulnerabilities
7.  [SA27087] Fedora update for openoffice.org
8.  [SA27094] VBA32 Antivirus Insecure Default Directory Permissions
9.  [SA27057] Firebird 2 Multiple Buffer Overflow Vulnerabilities
10. [SA27066] Firebird 1 Multiple Buffer Overflow Vulnerabilities

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA27151] Microsoft Word Unspecified Memory Corruption Vulnerability
[SA27187] Kaspersky Online Scanner ActiveX Control Format String Vulnerability
[SA27158] Adobe Pagemaker Long Font Name Buffer Overflow Vulnerability
[SA27143] Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflows
[SA27112] Microsoft Windows NNTP Response Handling Buffer Overflow
[SA27092] Microsoft Windows Kodak Image Viewer Code Execution
[SA27192] CA BrightStor ARCServe Backup Multiple Vulnerabilities
[SA27157] World in Conflict VOIP Denial of Service Vulnerability
[SA27075] Hitachi Cosminexus JSSE SSL/TLS Handshake Denial of Service
[SA27166] EMC RepliStor Server Service Buffer Overflow Vulnerability
[SA27148] Microsoft Windows SharePoint Services / Office SharePoint Server Cross-Site Scripting
[SA27133] Internet Explorer Unspecified Address Bar Spoofing Vulnerability
[SA27120] DB Manager "id" Cross-Site Scripting
[SA27115] dbList "dblisttest.asp" Multiple Cross-Site Scripting
[SA27095] Pegasus Imaging ImagXpress Two ActiveX Controls Insecure Methods
[SA27080] Helm Web Hosting Control Panel Cross-Site Scripting Vulnerabilities
[SA27153] Microsoft Windows 2000 RPC Authentication Information Disclosure
[SA27134] Microsoft Windows RPC Authentication Denial of Service
[SA27082] NetSupport Products Unspecified Denial of Service Vulnerability
[SA27094] VBA32 Antivirus Insecure Default Directory Permissions
[SA27144] Microsoft Expression Media Password Disclosure Weakness
[SA27136] Interstage Application Server Full Path Disclosure Weakness

UNIX/Linux:
[SA27190] TikiWiki tiki-graph_formula.php Function Injection Vulnerability
[SA27164] LightBlog Security Bypass and File Upload Vulnerabilities
[SA27139] LiveAlbum "livealbum_dir" File Inclusion Vulnerability
[SA27117] AlsaPlayer Vorbis Input Plug-in OGG Processing Buffer Overflows
[SA27097] Gentoo update for openssl
[SA27087] Fedora update for openoffice.org
[SA27081] Gentoo update for librpcsecgss
[SA27078] Mandriva update for openssl
[SA27077] Ubuntu update for openoffice.org
[SA27185] cpDynaLinks "category" SQL Injection Vulnerability
[SA27184] Asterisk IMAP Storage Voicemail Buffer Overflow
[SA27167] Gentoo update for NX
[SA27162] NX Server PCF Integer Overflow Vulnerabilities
[SA27156] Gentoo updates for koffice, kword, kdegraphics, and kpdf
[SA27146] Avaya Products nfs-utils-lib Denial of Service
[SA27131] PHP Homepage M "id" SQL Injection Vulnerability
[SA27129] OpenH323 opal Session Initiation Protocol Vulnerability
[SA27128] Ekiga opal Session Initiation Protocol Vulnerability
[SA27124] Nagios Plugins Long Location Header Buffer Overflow Vulnerability
[SA27118] Red Hat update for opal
[SA27113] Verlihub Control Panel "page" Local File Inclusion
[SA27110] Fedora update for php
[SA27102] Gentoo update for php
[SA27100] Gentoo update for libsndfile
[SA27099] Gentoo update for libvorbis
[SA27086] Gentoo update for tk
[SA27071] Ubuntu update for libsndfile
[SA27176] Sun Solaris X Font Server Multiple Vulnerabilities
[SA27160] OpenBSD dhcpd Buffer Overflow Vulnerability
[SA27150] Red Hat update for pwlib
[SA27119] Minki "page" Cross-Site Scripting Vulnerability
[SA27108] Red Hat update for kdelibs
[SA27106] Red Hat update for kdebase
[SA27096] Fedora update for kdebase
[SA27090] Fedora update for kdelibs
[SA27155] Ubuntu update for mysql
[SA27132] Fedora update for elinks
[SA27125] rPath update for elinks
[SA27168] Debian update for xfs
[SA27161] Ubuntu update for xen
[SA27147] Avaya Products X.org X11 Composite Pixmap Privilege Escalation
[SA27141] rPath update for xen
[SA27111] ldapscripts Command Line User Credentials Disclosure
[SA27103] Fedora update for xen
[SA27085] Debian update for xen-utils
[SA27079] Ubuntu update for debian-goodies
[SA27076] guilt Insecure Temporary Files
[SA27072] Fedora update for xen
[SA27088] Fedora update for pidgin
[SA27101] Fedora update for kernel
[SA27188] Fedora update for util-linux
[SA27154] Sun Solaris Virtual File System (VFS) Denial of Service
[SA27152] Sun Solaris Trusted Extensions "labeld" Denial of Service
[SA27135] Sun Solaris vuidmice Streams Modules Denial of Service
[SA27104] rPath update for util-linux
[SA27098] Gentoo update for qgit
[SA27089] Fedora update for kdebase

Other:
[SA27084] OpenVMS Denial of Service Vulnerabilities
[SA27169] Cisco IOS Line Printer Daemon Buffer Overflow Vulnerability
[SA27175] Sun Solaris 10 BSM Network Auditing Denial of Service

Cross Platform:
[SA27174] Knowledgeroot Knowledgebase FCKEditor PHP File Upload Vulnerability
[SA27172] NuSEO.PHP "nuseo_dir" File Inclusion Vulnerability
[SA27140] xKiosk WEB "PEARPATH" Remote File Inclusion Vulnerability
[SA27123] FCKEditor PHP File Upload Vulnerability
[SA27199] ViArt Shop iDEAL Information Disclosure
[SA27159] LedgerSMB Multiple SQL Injection Vulnerabilities
[SA27142] TYPOlight webCMS "preview.php" Arbitrary File Download
[SA27138] Softbiz Jobs and Recruitment Script "cid" SQL Injection
[SA27137] Wesnoth UTF-8 Denial of Service Vulnerability
[SA27114] SkaDate "view_mode" Directory Traversal Vulnerability
[SA27109] TorrentTrader Cross-Site Scripting and Local File Inclusion
[SA27107] DropTeam Multiple Vulnerabilities
[SA27091] wzdftpd "do_login_loop()" Off-By-One Vulnerability
[SA27083] The Dawn of Time HTTP Authentication Format String Vulnerability
[SA27194] Interspire ActiveKB NX "page" Cross-Site Scripting
[SA27173] phpMyAdmin "setup.php" Cross-Site Scripting Vulnerability
[SA27163] DNews dnewsweb Cross-Site Scripting Vulnerabilities
[SA27130] libpng ICC Profile Chunk Denial of Service Vulnerability
[SA27127] PWLib "PString::vsprintf()" Denial of Service Vulnerability
[SA27093] libpng Multiple Denial of Service Vulnerabilities
[SA27073] MailBee WebMail Cross-Site Scripting Vulnerabilities
[SA27074] Hitachi Cosminexus Agent Unspecified Denial of Service Vulnerability
[SA27145] util-linux Privilege Escalation Vulnerability
[SA27121] WebSphere Application Server for z/OS HTTP Server Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:
--

[SA27151] Microsoft Word Unspecified Memory Corruption Vulnerability

Critical:    Extremely critical
Where:       From remote
Impact:      System access
Released:    2007-10-09

A vulnerability has been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27151/

--

[SA27187] Kaspersky Online Scanner ActiveX Control Format String
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-11

A vulnerability has been reported in Kaspersky Online Scanner, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27187/

--

[SA27158] Adobe Pagemaker Long Font Name Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-10

Tan Chew Keong has reported a vulnerability in Adobe Pagemaker, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27158/

--

[SA27143] Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-09

Will Dormann has reported some vulnerabilities in Electronic Arts
SnoopyCtrl ActiveX control, which can be exploited by malicious people
to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/27143/

--

[SA27112] Microsoft Windows NNTP Response Handling Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-09

VeriSign iDefense Labs has reported a vulnerability in Microsoft
Windows, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/27112/

--

[SA27092] Microsoft Windows Kodak Image Viewer Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-09

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27092/

--

[SA27192] CA BrightStor ARCServe Backup Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2007-10-11

Multiple vulnerabilities have been reported in CA BrightStor ARCserve
Backup, which can be exploited by malicious people to bypass certain
security restrictions, cause a DoS (Denial of Service), or compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27192/

--

[SA27157] World in Conflict VOIP Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-10-10

Luigi Auriemma has reported a vulnerability in World in Conflict, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27157/

--

[SA27075] Hitachi Cosminexus JSSE SSL/TLS Handshake Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-10-05

A vulnerability has been reported in Hitachi Cosminexus, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27075/

--

[SA27166] EMC RepliStor Server Service Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-10-11

Aaron Portnoy has reported a vulnerability in EMC RepliStor, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27166/

--

[SA27148] Microsoft Windows SharePoint Services / Office SharePoint
Server Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-09

A vulnerability has been reported in Microsoft SharePoint Services and
Office SharePoint Server, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27148/

--

[SA27133] Internet Explorer Unspecified Address Bar Spoofing
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2007-10-09

A vulnerability has been reported in Internet Explorer, which can be
exploited by a malicious website to spoof the address bar.

Full Advisory:
http://secunia.com/advisories/27133/

--

[SA27120] DB Manager "id" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-08

r0t has reported a vulnerability in DB Manager, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27120/

--

[SA27115] dbList "dblisttest.asp" Multiple Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-08

r0t has reported some vulnerabilities in dbList, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/27115/

--

[SA27095] Pegasus Imaging ImagXpress Two ActiveX Controls Insecure
Methods

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-10-08

shinnai has discovered two vulnerabilities in Pegasus Imaging
ImagXpress, which can be exploited by malicious people to overwrite or
delete arbitrary files.

Full Advisory:
http://secunia.com/advisories/27095/

--

[SA27080] Helm Web Hosting Control Panel Cross-Site Scripting
Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-05

r0t has reported some vulnerabilities in Helm Web Hosting Control
Panel, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/27080/

--

[SA27153] Microsoft Windows 2000 RPC Authentication Information
Disclosure

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2007-10-09

A vulnerability has been reported in Microsoft Windows 2000, which can
be exploited by malicious people to disclose potentially sensitive
information.

Full Advisory:
http://secunia.com/advisories/27153/

--

[SA27134] Microsoft Windows RPC Authentication Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-10-09

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27134/

--

[SA27082] NetSupport Products Unspecified Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-10-05

A vulnerability has been reported in NetSupport products, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/27082/

--

[SA27094] VBA32 Antivirus Insecure Default Directory Permissions

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-05

A security issue has been discovered in VBA32 Antivirus, which can be
exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/27094/

--

[SA27144] Microsoft Expression Media Password Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-10-10

A weakness has been reported in Microsoft Expression Media, which can
be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/27144/

--

[SA27136] Interstage Application Server Full Path Disclosure Weakness

Critical:    Not critical
Where:       From remote
Impact:      Exposure of system information
Released:    2007-10-09

A weakness has been reported in Interstage Application Server, which
can be exploited by malicious people to disclose system information.

Full Advisory:
http://secunia.com/advisories/27136/

UNIX/Linux:
--

[SA27190] TikiWiki tiki-graph_formula.php Function Injection
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-11

ShAnKaR has reported a vulnerability in TikiWiki, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27190/

--

[SA27164] LightBlog Security Bypass and File Upload Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, System access
Released:    2007-10-10

BlackHawk has discovered two vulnerabilities in LightBlog, which can be
exploited by malicious people to bypass certain security restrictions
and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27164/

--

[SA27139] LiveAlbum "livealbum_dir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information, System access
Released:    2007-10-09

S.W.A.T. has discovered a vulnerability in LiveAlbum, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27139/

--

[SA27117] AlsaPlayer Vorbis Input Plug-in OGG Processing Buffer
Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-08

Some vulnerabilities have been reported in AlsaPlayer, which
potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/27117/

--

[SA27097] Gentoo update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

Gentoo has issued an update for openssl. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27097/

--

[SA27087] Fedora update for openoffice.org

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-05

Fedora has issued an update for openoffice.org. This fixes some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27087/

--

[SA27081] Gentoo update for librpcsecgss

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-05

Gentoo has issued an update for librpcsecgss. This fixes a
vulnerability, which can be exploited by malicious people to compromise
an application using the library.

Full Advisory:
http://secunia.com/advisories/27081/

--

[SA27078] Mandriva update for openssl

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-05

Mandriva has issued an update for openssl. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27078/

--

[SA27077] Ubuntu update for openoffice.org

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-05

Ubuntu has issued an update for openoffice.org. This fixes some
vulnerabilities, which potentially can be exploited by malicious
people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27077/

--

[SA27185] cpDynaLinks "category" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-10-11

s0cratex has discovered a vulnerability in cpDynaLinks, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27185/

--

[SA27184] Asterisk IMAP Storage Voicemail Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-11

A vulnerability has been reported in Asterisk, which can be exploited
by malicious people to cause a DoS (Denial of Service) or potentially
to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27184/

--

[SA27167] Gentoo update for NX

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-10

Gentoo has released an update for NX. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27167/

--

[SA27162] NX Server PCF Integer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-10

Some vulnerabilities have been reported in NX Server, which can be
exploited by malicious people to cause a DoS (Denial of Service) and
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27162/

--

[SA27156] Gentoo updates for koffice, kword, kdegraphics, and kpdf

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-10-10

Gentoo has issued updates for koffice, kword, kdegraphics, and kpdf.
These fix a vulnerability, which potentially can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/27156/

--

[SA27146] Avaya Products nfs-utils-lib Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-10-09

Avaya has acknowledged a vulnerability in various Avaya products, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/27146/

--

[SA27131] PHP Homepage M "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-10-09

[PHCN] Mahjong has discovered a vulnerability in PHP Homepage M, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/27131/

--

[SA27129] OpenH323 opal Session Initiation Protocol Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

A vulnerability has been reported in OpenH323 opal, which can
potentially be exploited by malicious people to compromise an
application using the library.
Full Advisory:
http://secunia.com/advisories/27129/

--

[SA27128] Ekiga opal Session Initiation Protocol Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

A vulnerability has been reported in Ekiga, which can potentially be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27128/

--

[SA27124] Nagios Plugins Long Location Header Buffer Overflow
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-10-08

Nobuhiro Ban has reported a vulnerability in Nagios Plugins, which can
be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/27124/

--

[SA27118] Red Hat update for opal

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

Red Hat has issued an update for opal. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise
an application using the library.

Full Advisory:
http://secunia.com/advisories/27118/

--

[SA27113] Verlihub Control Panel "page" Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
             information
Released:    2007-10-09

Methodman has reported a vulnerability in Verlihub Control Panel, which
can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/27113/

--

[SA27110] Fedora update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass
Released:    2007-10-08

Fedora has issued an update for php. This fixes some vulnerabilities,
where some have unknown impacts and others can be exploited by
malicious users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/27110/

--
[SA27102] Gentoo update for php

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Exposure of sensitive information, Privilege escalation, DoS, System access
Released:    2007-10-08

Gentoo has issued an update for php. This fixes some security issues and vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users to bypass certain security restrictions, by malicious users to bypass certain security restrictions, gain escalated privileges, and cause a DoS (Denial of Service), and by malicious people to expose potentially sensitive information, cause a DoS, and potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27102/

--
[SA27100] Gentoo update for libsndfile

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-10-08

Gentoo has issued an update for libsndfile. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

Full Advisory: http://secunia.com/advisories/27100/

--
[SA27099] Gentoo update for libvorbis

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

Gentoo has issued an update for libvorbis. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the library.

Full Advisory: http://secunia.com/advisories/27099/

--
[SA27086] Gentoo update for tk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

Gentoo has issued an update for tk. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
Full Advisory: http://secunia.com/advisories/27086/

--
[SA27071] Ubuntu update for libsndfile

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-10-05

Ubuntu has issued an update for libsndfile. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise an application using the library.

Full Advisory: http://secunia.com/advisories/27071/

--
[SA27176] Sun Solaris X Font Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2007-10-11

Sun has acknowledged some vulnerabilities in Sun Solaris, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27176/

--
[SA27160] OpenBSD dhcpd Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2007-10-10

A vulnerability has been reported in OpenBSD, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27160/

--
[SA27150] Red Hat update for pwlib

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-10-09

Red Hat has issued an update for pwlib. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27150/

--
[SA27119] Minki "page" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-08

r0t has discovered a vulnerability in Minki, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/27119/

--
[SA27108] Red Hat update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing
Released:    2007-10-08

Red Hat has issued an update for kdelibs.
This fixes some vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks.

Full Advisory: http://secunia.com/advisories/27108/

--
[SA27106] Red Hat update for kdebase

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2007-10-08

Red Hat has issued an update for kdebase. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct spoofing attacks.

Full Advisory: http://secunia.com/advisories/27106/

--
[SA27096] Fedora update for kdebase

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Spoofing
Released:    2007-10-09

Fedora has issued an update for kdebase. This fixes a security issue and some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to conduct spoofing attacks.

Full Advisory: http://secunia.com/advisories/27096/

--
[SA27090] Fedora update for kdelibs

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2007-10-09

Fedora has issued an update for kdelibs. This fixes some vulnerabilities, which can be exploited by malicious people to conduct spoofing attacks.

Full Advisory: http://secunia.com/advisories/27090/

--
[SA27155] Ubuntu update for mysql

Critical:    Less critical
Where:       From local network
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2007-10-11

Ubuntu has issued an update for mysql. This fixes some vulnerabilities and security issues, which can be exploited by malicious users to gain escalated privileges, bypass certain security restrictions and cause a DoS (Denial of Service) or malicious people to cause a DoS.
Full Advisory: http://secunia.com/advisories/27155/

--
[SA27132] Fedora update for elinks

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2007-10-09

Fedora has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/27132/

--
[SA27125] rPath update for elinks

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2007-10-08

rPath has issued an update for elinks. This fixes a weakness, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/27125/

--
[SA27168] Debian update for xfs

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-10

Debian has issued an update for xfs. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27168/

--
[SA27161] Ubuntu update for xen

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-10

Ubuntu has issued an update for xen. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27161/

--
[SA27147] Avaya Products X.org X11 Composite Pixmap Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-09

Avaya has acknowledged a vulnerability in various Avaya products, which potentially can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27147/

--
[SA27141] rPath update for xen

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-09

rPath has issued an update for xen.
This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27141/

--
[SA27111] ldapscripts Command Line User Credentials Disclosure

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2007-10-09

A security issue has been reported in ldapscripts, which can be exploited by malicious, local users to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/27111/

--
[SA27103] Fedora update for xen

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2007-10-09

Fedora has issued an update for xen. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27103/

--
[SA27085] Debian update for xen-utils

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2007-10-08

Debian has issued an update for xen-utils. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions or gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27085/

--
[SA27079] Ubuntu update for debian-goodies

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-05

Ubuntu has issued an update for debian-goodies. This fixes a vulnerability, which can be exploited by malicious, local users to perform actions with escalated privileges.

Full Advisory: http://secunia.com/advisories/27079/

--
[SA27076] guilt Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-05

Some vulnerabilities have been reported in guilt, which can be exploited by malicious, local users to perform certain actions with escalated privileges.
Full Advisory: http://secunia.com/advisories/27076/

--
[SA27072] Fedora update for xen

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Privilege escalation
Released:    2007-10-05

Fedora has issued an update for xen. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27072/

--
[SA27088] Fedora update for pidgin

Critical:    Not critical
Where:       From remote
Impact:      DoS
Released:    2007-10-05

Fedora has issued an update for pidgin. This fixes a weakness, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27088/

--
[SA27101] Fedora update for kernel

Critical:    Not critical
Where:       From local network
Impact:      Exposure of sensitive information
Released:    2007-10-09

Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information.

Full Advisory: http://secunia.com/advisories/27101/

--
[SA27188] Fedora update for util-linux

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-11

Fedora has issued an update for util-linux. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory: http://secunia.com/advisories/27188/

--
[SA27154] Sun Solaris Virtual File System (VFS) Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-10-10

Sun has acknowledged a vulnerability in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
Full Advisory: http://secunia.com/advisories/27154/

--
[SA27152] Sun Solaris Trusted Extensions "labeld" Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-10-10

Sun has acknowledged two vulnerabilities in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27152/

--
[SA27135] Sun Solaris vuidmice Streams Modules Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-10-09

A security issue has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27135/

--
[SA27104] rPath update for util-linux

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-09

rPath has issued an update for util-linux. This fixes a vulnerability, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory: http://secunia.com/advisories/27104/

--
[SA27098] Gentoo update for qgit

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2007-10-08

Gentoo has issued an update for qgit. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory: http://secunia.com/advisories/27098/

--
[SA27089] Fedora update for kdebase

Critical:    Not critical
Where:       Local system
Impact:      Security Bypass
Released:    2007-10-05

Fedora has issued an update for kdebase. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions.
Full Advisory: http://secunia.com/advisories/27089/

Other:

--
[SA27084] OpenVMS Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-10-05

Some vulnerabilities have been reported in OpenVMS, which can be exploited by malicious, local users and by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27084/

--
[SA27169] Cisco IOS Line Printer Daemon Buffer Overflow Vulnerability

Critical:    Not critical
Where:       From local network
Impact:      DoS, System access
Released:    2007-10-11

Andy Davis has reported a vulnerability in Cisco IOS, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27169/

--
[SA27175] Sun Solaris 10 BSM Network Auditing Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-10-11

A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27175/

Cross Platform:

--
[SA27174] Knowledgeroot Knowledgebase FCKEditor PHP File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-11

A vulnerability has been reported in Knowledgeroot Knowledgebase, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27174/

--
[SA27172] NuSEO.PHP "nuseo_dir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information, System access
Released:    2007-10-11

BiNgZa has discovered a vulnerability in NuSEO.PHP, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system.
Full Advisory: http://secunia.com/advisories/27172/

--
[SA27140] xKiosk WEB "PEARPATH" Remote File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-09

BorN To K!LL has reported a vulnerability in xKiosk WEB, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27140/

--
[SA27123] FCKEditor PHP File Upload Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-10-11

Janek Vind has reported a vulnerability in FCKEditor, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27123/

--
[SA27199] ViArt Shop iDEAL Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2007-10-11

A vulnerability has been reported in ViArt Shop, which can be exploited by malicious people to gain knowledge of sensitive and system information.

Full Advisory: http://secunia.com/advisories/27199/

--
[SA27159] LedgerSMB Multiple SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-10-10

Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/27159/

--
[SA27142] TYPOlight webCMS "preview.php" Arbitrary File Download

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2007-10-09

Stephan Munz has reported a vulnerability in TYPOlight webCMS, which can be exploited by malicious people to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/27142/

--
[SA27138] Softbiz Jobs and Recruitment Script "cid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2007-10-09

IRCRASH has reported a vulnerability in Softbiz Jobs and Recruitment Script, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory: http://secunia.com/advisories/27138/

--
[SA27137] Wesnoth UTF-8 Denial of Service Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-10-10

A vulnerability has been reported in Wesnoth, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27137/

--
[SA27114] SkaDate "view_mode" Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2007-10-08

SnIpEr_SA has reported a vulnerability in SkaDate, which can be exploited by malicious people to disclose sensitive information.

Full Advisory: http://secunia.com/advisories/27114/

--
[SA27109] TorrentTrader Cross-Site Scripting and Local File Inclusion

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information, Exposure of sensitive information
Released:    2007-10-09

HACKERS PAL has discovered some vulnerabilities in TorrentTrader, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information.
Full Advisory: http://secunia.com/advisories/27109/

--
[SA27107] DropTeam Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2007-10-08

Luigi Auriemma has reported some vulnerabilities in DropTeam, which can be exploited by malicious people to disclose sensitive information or to potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27107/

--
[SA27091] wzdftpd "do_login_loop()" Off-By-One Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

k1tk4t has discovered a vulnerability in wzdftpd, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27091/

--
[SA27083] The Dawn of Time HTTP Authentication Format String Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-10-08

Luigi Auriemma has reported a vulnerability in The Dawn of Time, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory: http://secunia.com/advisories/27083/

--
[SA27194] Interspire ActiveKB NX "page" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-11

durito has reported a vulnerability in ActiveKB NX, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/27194/

--
[SA27173] phpMyAdmin "setup.php" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-11

Omer Singer has reported a vulnerability in phpMyAdmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/27173/

--
[SA27163] DNews dnewsweb Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-10

Doz has discovered two vulnerabilities in DNews, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory: http://secunia.com/advisories/27163/

--
[SA27130] libpng ICC Profile Chunk Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-10-08

A vulnerability has been reported in libpng, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27130/

--
[SA27127] PWLib "PString::vsprintf()" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-10-09

A vulnerability has been discovered in PWLib, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27127/

--
[SA27093] libpng Multiple Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2007-10-08

Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27093/

--
[SA27073] MailBee WebMail Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-10-09

Ivan Javier Sanchez has reported some vulnerabilities in MailBee WebMail, which can be exploited by malicious people to conduct cross-site scripting attacks.
Full Advisory: http://secunia.com/advisories/27073/

--
[SA27074] Hitachi Cosminexus Agent Unspecified Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-10-05

A vulnerability has been reported in Hitachi Cosminexus Agent, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27074/

--
[SA27145] util-linux Privilege Escalation Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2007-10-09

A vulnerability has been reported in util-linux, which potentially can be exploited by malicious, local users to perform certain actions with escalated privileges.

Full Advisory: http://secunia.com/advisories/27145/

--
[SA27121] WebSphere Application Server for z/OS HTTP Server Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-10-09

IBM has acknowledged a vulnerability in WebSphere Application Server for z/OS, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/27121/

========================================================================

Secunia recommends that you verify all advisories you receive, by clicking the link.

Secunia NEVER sends attached files with advisories.

Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web    : http://secunia.com/
E-mail : support@private
Tel    : +45 70 20 51 44
Fax    : +45 70 20 51 45

__________________________________________________________________

CSI 2007 is the only conference that delivers a business-focused overview of enterprise security.
It will convene 1,500+ delegates and 80 exhibitors, and features 100+ sessions/seminars providing a roadmap for integrating policies and procedures with new tools and techniques. Register now for savings on conference fees and/or free exhibits admission.
www.csiannual.com