[ISN] Secunia Weekly Summary - Issue: 2007-52

From: InfoSec News (alerts@private)
Date: Fri Dec 28 2007 - 01:25:25 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2007-12-20 - 2007-12-27                        

                       This week: 42 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

More than 20% of all applications installed on users' PCs have known
security flaws, but the users have yet to install the patch provided by
the vendor of the product.

Read the full blog:
http://secunia.com/blog/17/

Download and test the Secunia PSI today:
https://psi.secunia.com/

========================================================================
2) This Week in Brief:

A highly critical vulnerability has been reported in IBM Lotus Domino
Web Access, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error in the dwa7.dwa7.1
ActiveX control (dwa7W.dll) when handling strings assigned to the
"General_ServerName" property. This can be exploited to cause a
stack-based buffer overflow by assigning an overly long string to the
affected property and then calling the "InstallBrowserHelperDll()"
method.

Successful exploitation allows execution of arbitrary code.

The vulnerability is reported in dwa7W.dll version 7.0.34.1 and
reportedly affects IBM Lotus Domino 6.x and 7.x. Other versions may
also be affected.

The vulnerability is currently unpatched, so users are urged to prevent
possible exploitation by setting the kill-bit for the affected method.

For more information:
http://secunia.com/advisories/28184/

 --

Some highly critical vulnerabilities have been discovered in VLC Media
Player, which can be exploited by malicious people to compromise a
user's system.

Boundary errors in the "ParseMicroDvd()", "ParseSSA()", and
"ParseVplayer()" functions when handling subtitles can be exploited to
cause stack-based buffer overflows.

A format string error in the web interface listening on port 8080/TCP,
which is disabled by default, can be exploited via a specially crafted
HTTP request with a "Connection" header value containing format
specifiers.

Successful exploitation of the vulnerabilities allows execution of
arbitrary code.

The vulnerabilities are confirmed in version 0.8.6d. Other versions may
also be affected. The vendor has released a fixed version in their SVN
repository.

For more information:
http://secunia.com/advisories/28233/

 --

A highly critical vulnerability has been discovered in Total Player,
which potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error when constructing
an absolute path to a file referenced within an M3U playlist. This can
be exploited to cause a stack-based buffer overflow via an overly long
string in a playlist file.

Successful exploitation may allow execution of arbitrary code. The
vulnerability is currently unpatched, so users are urged not to open
untrusted playlists to avoid possible exploitation.

For more information:
http://secunia.com/advisories/28236/

 --

VIRUS ALERTS:

During the past week Secunia collected 121 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA28161] Adobe Flash Player Multiple Vulnerabilities
2.  [SA28184] IBM Lotus Domino Web Access Control ActiveX Control
              Buffer Overflow
3.  [SA28186] Sun Java System Web Proxy Server Multiple Vulnerabilities
4.  [SA28166] Google Toolbar Custom Button Installer Dialog Spoofing
              Weakness
5.  [SA28174] IBM DB2 Content Manager eClient Unspecified Scripting
              Vulnerability
6.  [SA28102] Novell GroupWise Client HTML E-Mail Processing Buffer
              Overflow
7.  [SA28196] IBM HTTP Server Two Cross-Site Scripting Vulnerabilities
8.  [SA28180] Fedora BIND "/etc/rndc.key" Insecure File Permissions
9.  [SA28191] HP-UX rpc.yppasswdd Unspecified Denial of Service
              Vulnerability
10. [SA28197] Fedora update for wireshark

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA28236] Total Player M3U Playlist Parsing Buffer Overflow
[SA28218] Mercury LoadRunner XUpload ActiveX Control Buffer Overflow
[SA28215] WinAce UUE File Decompression Buffer Overflow
[SA28214] Zoom Player Error Message Buffer Overflow Vulnerability
[SA28205] Groove Virtual Office XUpload ActiveX Control Buffer
Overflow
[SA28234] Ada Image Server Multiple Vulnerabilities
[SA28208] WinUAE Floppy Disk Image File Loading Buffer Overflow
[SA28206] Web Sihirbazi "default.asp" SQL Injection
[SA28193] Aeries Browser Interface "EmailAddress" SQL Injection
[SA28252] IPortalX Multiple Cross-Site Scripting Vulnerabilities

UNIX/Linux:
[SA28246] Fedora update for gallery2
[SA28213] SUSE update for flash-player
[SA28201] PMOS Help Desk PHP Code Execution and Security Bypass
[SA28238] Bitflu StorageFarabDb Security Bypass Vulnerability
[SA28207] Fedora update for wireshark
[SA28198] Moodle MRBS Module "id" SQL Injection
[SA28197] Fedora update for wireshark
[SA28195] Fedora update for libexif
[SA28200] Debian update for cupsys
[SA28241] GreaseKit / Creammonkey GM API Vulnerability
[SA28224] Sun Solaris Apache Cross-Site Scripting and Denial of
Service
[SA28212] Sun Solaris Apache Cross-Site Scripting and Denial of
Service

Other:
[SA28191] HP-UX rpc.yppasswdd Unspecified Denial of Service
Vulnerability
[SA28192] HP Tru64 UNIX FFM Unspecified Denial of Service
Vulnerability

Cross Platform:
[SA28251] Mambo Multiple Vulnerabilities
[SA28245] NmnNewsletter "output" File Inclusion Vulnerability
[SA28240] Shadowed Portal File Inclusion and PHP Code Execution
[SA28233] VLC Media Player Multiple Vulnerabilities
[SA28230] phpAutoVideo Two File Inclusion Vulnerabilities
[SA28250] XZero Community Classifieds "subcatid" SQL Injection
[SA28242] mBlog "page" Local File Inclusion Vulnerability
[SA28232] MailMachinePRO "id" SQL Injection Vulnerability
[SA28225] TikiWiki Multiple Vulnerabilities
[SA28217] TCPreen FD_SET Buffer Overflow Vulnerability
[SA28202] CuteNews "search.php" Information Disclosure
[SA28188] Woltlab Burning Board Lite "search.php" SQL Injection
Vulnerabilities
[SA28239] PDFlib "pdc_fsearch_fopen()" Buffer Overflow Vulnerability
[SA28235] SimpleForum "searchkey" Cross-Site Scripting Vulnerability
[SA28216] Sun Java System Web Server / Web Proxy Server Cross-Site
Scripting
[SA28196] IBM HTTP Server Two Cross-Site Scripting Vulnerabilities
[SA28190] Limbo "com_option" Cross-Site Scripting
[SA28237] Novell Identity Manager asampsp Denial of Service

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA28236] Total Player M3U Playlist Parsing Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

David G.M. has discovered a vulnerability in Total Player, which
potentially can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28236/

 --

[SA28218] Mercury LoadRunner XUpload ActiveX Control Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

A vulnerability has been discovered in HP Mercury LoadRunner, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28218/

 --

[SA28215] WinAce UUE File Decompression Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-25

A vulnerability has been reported in WinAce, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28215/

 --

[SA28214] Zoom Player Error Message Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-25

Luigi Auriemma has discovered a vulnerability in Zoom Player, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28214/

 --

[SA28205] Groove Virtual Office XUpload ActiveX Control Buffer
Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

A vulnerability has been discovered in Groove Virtual Office, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28205/

 --

[SA28234] Ada Image Server Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2007-12-25

Some vulnerabilities have been discovered in Ada Image Server, which
can be exploited by malicious people to conduct cross-site scripting
attacks or gain knowledge of sensitive information.

Full Advisory:
http://secunia.com/advisories/28234/

 --

[SA28208] WinUAE Floppy Disk Image File Loading Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2007-12-24

Luigi Auriemma has discovered a vulnerability in WinUAE, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28208/

 --

[SA28206] Web Sihirbazi "default.asp" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-26

bypas has reported two vulnerabilities in Web Sihirbazi, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28206/

 --

[SA28193] Aeries Browser Interface "EmailAddress" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-21

Aria-Security Team have reported a vulnerability in Aeries Browser
Interface (ABI), which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28193/

 --

[SA28252] IPortalX Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-27

Doz has reported some vulnerabilities in IPortalX, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28252/


UNIX/Linux:--

[SA28246] Fedora update for gallery2

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2007-12-26

Fedora has issued an update for gallery2. This fixes some
vulnerabilities and a weakness, where some have unspecified impacts and
others can be exploited by malicious users or malicious people to
disclose sensitive information, conduct cross-site scripting attacks,
bypass certain security restrictions, and potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/28246/

 --

[SA28213] SUSE update for flash-player

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting,
Manipulation of data, Exposure of sensitive information, Privilege
escalation, DoS, System access
Released:    2007-12-24

SUSE has issued an update for flash-player. This fixes some
vulnerabilities, where one vulnerability has an unknown impact and
others can be exploited by malicious, local users to gain escalated
privileges and by malicious people to bypass certain security
restrictions, conduct cross-site scripting and HTTP request splitting
attacks, disclose sensitive information, cause a Denial of Service
(DoS), or to potentially compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28213/

 --

[SA28201] PMOS Help Desk PHP Code Execution and Security Bypass

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2007-12-26

EgiX has discovered a vulnerability in PMOS Help Desk, which can be
exploited by malicious people to bypass certain security restrictions
and to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28201/

 --

[SA28238] Bitflu StorageFarabDb Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-12-27

A vulnerability has been reported in Bitflu, which can be exploited by
malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/28238/

 --

[SA28207] Fedora update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-12-24

Fedora has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28207/

 --

[SA28198] Moodle MRBS Module "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-24

root at hanicker.it has reported a vulnerability in the MRBS Module for
Moodle, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/28198/

 --

[SA28197] Fedora update for wireshark

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-12-21

Fedora has issued an update for wireshark. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28197/

 --

[SA28195] Fedora update for libexif

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-12-21

Fedora has issued an update for libexif. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/28195/

 --

[SA28200] Debian update for cupsys

Critical:    Moderately critical
Where:       From local network
Impact:      Privilege escalation, DoS, System access
Released:    2007-12-27

Debian has issued an update for cupsys. This fixes a security issue and
a vulnerability, which can be exploited by malicious, local users to
perform certain actions with escalated privileges, and by malicious
people to cause a DoS (Denial of Service) or to potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28200/

 --

[SA28241] GreaseKit / Creammonkey GM API Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2007-12-26

A vulnerability was reported in GreaseKit / Creammonkey, which can be
exploited by malicious people to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/28241/

 --

[SA28224] Sun Solaris Apache Cross-Site Scripting and Denial of
Service

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2007-12-24

Sun has acknowledged some vulnerabilities in Apache for Solaris, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/28224/

 --

[SA28212] Sun Solaris Apache Cross-Site Scripting and Denial of
Service

Critical:    Not critical
Where:       From remote
Impact:      Cross Site Scripting, DoS
Released:    2007-12-24

Sun has acknowledged some vulnerabilities in Apache for Solaris, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service) and by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/28212/


Other:--

[SA28191] HP-UX rpc.yppasswdd Unspecified Denial of Service
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-12-21

A vulnerability has been reported in HP-UX, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28191/

 --

[SA28192] HP Tru64 UNIX FFM Unspecified Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2007-12-21

A vulnerability has been reported in HP Tru64 UNIX, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28192/


Cross Platform:--

[SA28251] Mambo Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting, System access
Released:    2007-12-27

Some vulnerabilities have been reported in Mambo, one with an unknown
impact and others that can be exploited by malicious people to conduct
cross-site scripting attacks or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28251/

 --

[SA28245] NmnNewsletter "output" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

CraCkEr has discovered a vulnerability in NmnNewsletter, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28245/

 --

[SA28240] Shadowed Portal File Inclusion and PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-26

The:Paradox has discovered two vulnerabilities in Shadowed Portal,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/28240/

 --

[SA28233] VLC Media Player Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2007-12-25

Some vulnerabilities have been discovered in VLC Media Player, which
can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28233/

 --

[SA28230] phpAutoVideo Two File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, System access
Released:    2007-12-25

MhZ91 has reported two vulnerabilities in phpAutoVideo, which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28230/

 --

[SA28250] XZero Community Classifieds "subcatid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-27

Kw3rLn has reported a vulnerability in XZero Community Classifieds,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/28250/

 --

[SA28242] mBlog "page" Local File Inclusion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2007-12-25

irk4z has discovered a vulnerability in mBlog, which can be exploited
by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28242/

 --

[SA28232] MailMachinePRO "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, Manipulation of data
Released:    2007-12-26

MhZ91 has reported a vulnerability in MailMachinePRO, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28232/

 --

[SA28225] TikiWiki Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Cross Site Scripting
Released:    2007-12-24

Some vulnerabilities have been reported in TikiWiki, where some have
unknown impacts and others can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28225/

 --

[SA28217] TCPreen FD_SET Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2007-12-25

A vulnerability has been reported in TCPreen, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28217/

 --

[SA28202] CuteNews "search.php" Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2007-12-24

Janek Vind has reported some vulnerabilities in CuteNews, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28202/

 --

[SA28188] Woltlab Burning Board Lite "search.php" SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2007-12-21

nbbn has discovered some vulnerabilities in Woltlab Burning Board Lite,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/28188/

 --

[SA28239] PDFlib "pdc_fsearch_fopen()" Buffer Overflow Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2007-12-25

poplix has discovered a vulnerability in PDFlib, which can be exploited
by malicious people to cause a DoS (Denial of Service) or potentially
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28239/

 --

[SA28235] SimpleForum "searchkey" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-25

Jose Luis Góngora Fernández has reported a vulnerability in SimpleForum
Pro, which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/28235/

 --

[SA28216] Sun Java System Web Server / Web Proxy Server Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-24

Some vulnerabilities have been reported in Sun Java System Web Server /
Web Proxy Server, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28216/

 --

[SA28196] IBM HTTP Server Two Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-21

IBM has acknowledged two vulnerabilities in IBM HTTP Server, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/28196/

 --

[SA28190] Limbo "com_option" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2007-12-26

Omer Singer has discovered a vulnerability in Limbo, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28190/

 --

[SA28237] Novell Identity Manager asampsp Denial of Service

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2007-12-26

A vulnerability has been reported in Novell Identity Manager, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28237/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

