======================================================================== The Secunia Weekly Advisory Summary 2008-01-25 - 2008-02-01 This week: 76 advisories ======================================================================== Table of Contents: 1.....................................................Word From Secunia 2....................................................This Week In Brief 3...............................This Weeks Top Ten Most Read Advisories 4.......................................Vulnerabilities Summary Listing 5.......................................Vulnerabilities Content Listing ======================================================================== 1) Word From Secunia: The Secunia PSI reached an important milestone - a quarter of a million users! Read the full blog: http://secunia.com/blog/19/ Join the many Secunia PSI users: https://psi.secunia.com/ ======================================================================== 2) This Week in Brief: A highly critical vulnerability has been discovered in MySpace Uploader Control, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the MySpace.Uploader.4.1 ActiveX control (MySpaceUploader.ocx) when handling strings assigned to the "Action" property. This can be exploited to cause a stack-based buffer overflow and allow the execution of arbitrary code by assigning an overly long (greater than 260 characters) string to the affected property. The vulnerability, which is currently unpatched, is confirmed in MySpaceUploader.ocx version 1.0.0.5 and reported in version 1.0.0.4. Other versions may also be affected. Users are advised to set the kill-bit for the ActiveX control as a temporary solution. Reference: http://secunia.com/advisories/28715/ - A highly critical vulnerability has been discovered in the FlashPix plug-in for the popular image viewer IrfanView, which potentially can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the FlashPix plug-in (fpx.dll) when processing FlashPix (*.fpx) files. This can be exploited to cause a heap corruption and allow the execution of arbitrary code by e.g. tricking a user into opening a specially crafted FlashPix file. The vulnerability, which is currently unpatched, is confirmed in version 3.9.8.0 of fpx.dll. Other versions may also be affected. Users are advised to avoid opening untrusted FlashPix (*.fpx) files. Reference: http://secunia.com/advisories/28688/ - Some moderately critical vulnerabilities have been reported in Firebird, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. A boundary error within the processing of usernames can be exploited to cause a stack-based buffer overflow via an overly long username. Successful exploitation may allow execution of arbitrary code. Input validation errors within the processing of network packets can be exploited to cause the server to crash by sending specially crafted packets to an affected system. The vulnerabilities are reported in version 2.0.3, 2.0.2, 2.0.1, 1.5.4, 2.0.0, 1.0.3, and 2.1 Beta 2. The errors in input validation are also reported in version 1.5.5. Users are advised to upgrade to version 2.1 RC1, which fixes these vulnerabilities, as a workaround. Reference: http://secunia.com/advisories/28596/ - Cisco has acknowledged a moderately critical vulnerability in Cisco Wireless Control System (WCS), which can be exploited by malicious people to compromise a vulnerable system. The vulnerability, which is related to a previously-known vulnerability in Apache Tomcat JK Web Server Connector, can be exploited by malicious people to compromise a vulnerable system. Successful exploitation allows execution of arbitrary code. The vulnerability affects versions 3.x and 4.0.x prior to 4.0.100.0, and 4.1.x and 4.2.x prior to to version 4.2.62.0. Users are advised to upgrade to the latest secure versions made available by the vendor. Reference: http://secunia.com/advisories/28711/ -- VIRUS ALERTS: During the past week Secunia collected 170 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale. ======================================================================== 3) This Weeks Top Ten Most Read Advisories: 1. [SA28630] phpBB Private Message Deletion Cross-Site Request Forgery 2. [SA28575] International Components for Unicode Regular Expressions Vulnerabilities 3. [SA28647] Move Networks Upgrade Manager Upgrade Class ActiveX Control Buffer Overflow 4. [SA28636] SUSE Update for Multiple Packages 5. [SA28615] Red Hat update for icu 6. [SA28635] Docsvault Firebird Service Buffer Overflow Vulnerabilities 7. [SA28646] Seagull PHP Framework "files" Information Disclosure 8. [SA28644] ImageShack Toolbar FileUploader Class ActiveX Control "BuildSlideShow()" Insecure Method 9. [SA28628] Fedora update for kernel 10. [SA28641] Tiger Php News System "catid" SQL Injection ======================================================================== 4) Vulnerabilities Summary Listing Windows: [SA28733] Aurigma Image Uploader ActiveX Control "Action" Property Buffer Overflow [SA28724] SwiftView Viewer ActiveX Control/Plug-in Buffer Overflows [SA28715] MySpace Uploader Control ActiveX Control "Action" Property Buffer Overflow [SA28710] GFL SDK Radiance RGBE Buffer Overflow Vulnerability [SA28688] IrfanView FlashPix Plug-in Memory Corruption Vulnerability [SA28660] Persits Software XUpload "AddFile()" Method Buffer Overflows [SA28649] NamoInstaller ActiveX Control NamoInstall Class "Install()" Insecure Method [SA28647] Move Networks Upgrade Manager Upgrade Class ActiveX Control Buffer Overflow [SA28662] CandyPress Store SQL Injection and Cross-Site Scripting [SA28653] ASPired2Protect login.asp SQL Injection Vulnerabilities [SA28651] Pre Dynamic Institution Multiple SQL Injection Vulnerabilities [SA28689] IBM Informix Storage Manager XDR Library Multiple Vulnerabilities [SA28663] Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer Overflow [SA28735] Uniwin eCart Professional "rp" Cross-Site Scripting Vulnerability [SA28695] BitTorrent Web UI HTTP Request "Range" Header Processing Denial of Service [SA28686] uTorrent Web UI HTTP Request "Range" Header Processing Denial of Service [SA28675] SoftCart Multiple Cross-Site Scripting Vulnerabilities [SA28678] Proficy Real-Time Information Portal "Add WebSource" File Upload Vulnerability UNIX/Linux: [SA28725] Gnumeric XLS HLINK Opcode Processing Code Execution Vulnerability [SA28719] Gentoo update for peercast [SA28671] Debian update for yarssr [SA28720] Gentoo update for kazehakase [SA28716] Gentoo update for libxml2 [SA28714] Gentoo update for goffice [SA28674] Gentoo update for xine-lib [SA28673] Gentoo update for ngircd [SA28669] Fedora update for icu [SA28666] Fedora update for xine-lib [SA28658] SUSE update for php4 and php5 [SA28650] Gentoo update for maradns [SA28728] Gentoo update for xdg-utils [SA28726] OpenBSD bgplg "cmd" Cross-Site Scripting Vulnerability [SA28697] Gentoo update for netkit-ftpd [SA28661] AmpJuke "limit" Cross-Site Scripting Vulnerability [SA28648] Avaya Products e2fsprogs Integer Overflow Vulnerabilities [SA28645] Mandriva update for ruby [SA28679] Gentoo update for postgresql [SA28676] Fedora update for cups [SA28738] Ubuntu update for pulseaudio [SA28718] rPath update for xorg-x11 [SA28693] Avaya CMS Solaris X Window System and X Server Multiple Vulnerabilities [SA28665] PatchLink Update Client for Unix Insecure Temporary Files [SA28664] Fedora update for kernel [SA28672] Gentoo update for blam [SA28654] Linux Kernel minix File System Denial of Service Vulnerability Other: [SA28667] IBM Hardware Management Console Pegasus CIM Denial of Service [SA28690] Yamaha RT Series Routers Cross-Site Request Forgery Vulnerability [SA28655] F5 BIG-IP Application Security Manager "report_type" Cross-Site Scripting Cross Platform: [SA28731] Drupal Project Issue Tracking Module File Upload and Script Insertion [SA28704] Connectix Boards "template_path" File Inclusion Vulnerability [SA28685] Smart Publisher "filedata" PHP Code Execution [SA28682] Coppermine Photo Gallery Multiple Vulnerabilities [SA28652] Mambo LaiThai Multiple Vulnerabilities [SA28737] Nilson's Blogger Two Local File Inclusion Vulnerabilities [SA28732] Drupal Secure Site Module Security Bypass Vulnerability [SA28729] Drupal Comment Upload Module File Upload Vulnerability [SA28727] PHP Links "id" SQL Injection Vulnerability [SA28722] VirtueMart File Disclosure and Cross-Site Request Forgery Vulnerabilities [SA28717] Drupal OpenID Module "claimed_id" Authority Spoofing [SA28709] phpCMS "file" File Disclosure Vulnerability [SA28708] WordPress AdServe Plugin "id" SQL Injection [SA28702] WordPress WassUp Plugin "to_date" SQL Injection Vulnerability [SA28691] Bigware Shop "pollid" SQL Injection Vulnerability [SA28683] WordPress WP-Cal Plugin "id" SQL Injection [SA28681] Simple Forum Multiple Vulnerabilities [SA28670] Mambo Multiple Vulnerabilities [SA28656] phpIP Management Two SQL Injection Vulnerabilities [SA28646] Seagull PHP Framework "files" Information Disclosure [SA28711] Cisco Wireless Control System Apache Tomcat JK Web Server Connector Buffer Overflow [SA28746] Sun Java Runtime Environment External XML Entities Security Bypass [SA28742] Liferay Portal Multiple Vulnerabilities [SA28730] Drupal Userpoints Module Cross-Site Request Forgery Vulnerability [SA28692] Hal Networks Products Cross-Site Scripting Vulnerabilities [SA28687] Tripwire Enterprise Login Page Cross-Site Scripting Vulnerability [SA28684] webSPELL Cross-Site Scripting and Request Forgery [SA28680] Nucleus CMS URL Cross-Site Scripting Vulnerability ======================================================================== 5) Vulnerabilities Content Listing Windows:-- [SA28733] Aurigma Image Uploader ActiveX Control "Action" Property Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-01 Elazar Broad has discovered a vulnerability in Aurigma Image Uploader, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28733/ -- [SA28724] SwiftView Viewer ActiveX Control/Plug-in Buffer Overflows Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-31 Will Dormann has reported some vulnerabilities in SwiftView Viewer, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28724/ -- [SA28715] MySpace Uploader Control ActiveX Control "Action" Property Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-31 Elazar Broad has discovered a vulnerability in MySpace Uploader Control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28715/ -- [SA28710] GFL SDK Radiance RGBE Buffer Overflow Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-30 Secunia Research has discovered a vulnerability in GFL SDK, which can be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/28710/ -- [SA28688] IrfanView FlashPix Plug-in Memory Corruption Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-29 Marsu has discovered a vulnerability in the FlashPix plug-in for IrfanView, which potentially can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28688/ -- [SA28660] Persits Software XUpload "AddFile()" Method Buffer Overflows Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-29 Some vulnerabilities have been discovered in Persits Software XUpload, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28660/ -- [SA28649] NamoInstaller ActiveX Control NamoInstall Class "Install()" Insecure Method Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-28 plan-s has discovered a vulnerability in NamoInstaller ActiveX Control, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28649/ -- [SA28647] Move Networks Upgrade Manager Upgrade Class ActiveX Control Buffer Overflow Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-25 Elazar Broad has discovered a vulnerability in Move Networks Upgrade Manager, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28647/ -- [SA28662] CandyPress Store SQL Injection and Cross-Site Scripting Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information Released: 2008-01-28 Some vulnerabilities have been reported in CandyPress Store, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks. Full Advisory: http://secunia.com/advisories/28662/ -- [SA28653] ASPired2Protect login.asp SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-01-29 Aria-Security Team has reported some vulnerabilities in ASPired2Protect, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28653/ -- [SA28651] Pre Dynamic Institution Multiple SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-01-28 Aria-Security Team have reported some vulnerabilities in Pre Dynamic Institution, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28651/ -- [SA28689] IBM Informix Storage Manager XDR Library Multiple Vulnerabilities Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-01-29 IBM has acknowledged some vulnerabilities in Informix Storage Manager, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28689/ -- [SA28663] Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing Buffer Overflow Critical: Moderately critical Where: From local network Impact: DoS, System access Released: 2008-01-28 Eyal Udassin has reported a vulnerability in Proficy HMI/SCADA - CIMPLICITY, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28663/ -- [SA28735] Uniwin eCart Professional "rp" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-01 sascha has reported a vulnerability in Uniwin eCart Professional, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28735/ -- [SA28695] BitTorrent Web UI HTTP Request "Range" Header Processing Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2008-01-29 Luigi Auriemma has discovered a vulnerability in BitTorrent, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28695/ -- [SA28686] uTorrent Web UI HTTP Request "Range" Header Processing Denial of Service Critical: Less critical Where: From remote Impact: DoS Released: 2008-01-29 Luigi Auriemma has discovered a vulnerability in uTorrent, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28686/ -- [SA28675] SoftCart Multiple Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-30 Russ McRee has reported some vulnerabilities in SoftCart, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28675/ -- [SA28678] Proficy Real-Time Information Portal "Add WebSource" File Upload Vulnerability Critical: Less critical Where: From local network Impact: System access Released: 2008-01-28 Eyal Udassin has reported a vulnerability in Proficy Real-Time Information Portal, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28678/ UNIX/Linux:-- [SA28725] Gnumeric XLS HLINK Opcode Processing Code Execution Vulnerability Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-31 A vulnerability has been reported in Gnumeric, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28725/ -- [SA28719] Gentoo update for peercast Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-01-31 Gentoo has issued an update for peercast. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28719/ -- [SA28671] Debian update for yarssr Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-28 Debian has issued an update for yarssr. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28671/ -- [SA28720] Gentoo update for kazehakase Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, DoS, System access Released: 2008-01-31 Gentoo has issued an update for kazehakase. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, and compromise a user's system. Full Advisory: http://secunia.com/advisories/28720/ -- [SA28716] Gentoo update for libxml2 Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-01-31 Gentoo has issued an update for libxml2. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28716/ -- [SA28714] Gentoo update for goffice Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information, DoS, System access Released: 2008-01-31 Gentoo has issued an update for goffice. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose potentially sensitive information, and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28714/ -- [SA28674] Gentoo update for xine-lib Critical: Moderately critical Where: From remote Impact: System access Released: 2008-01-28 Gentoo has issued an update for xine-lib. This fixes a vulnerability, which potentially can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28674/ -- [SA28673] Gentoo update for ngircd Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-01-28 Gentoo has issued an update for ngircd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28673/ -- [SA28669] Fedora update for icu Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-01-28 Fedora has issued an update for icu. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/28669/ -- [SA28666] Fedora update for xine-lib Critical: Moderately critical Where: From remote Impact: System access Released: 2008-01-29 Fedora has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28666/ -- [SA28658] SUSE update for php4 and php5 Critical: Moderately critical Where: From remote Impact: Security Bypass, Privilege escalation, DoS, System access Released: 2008-01-29 SUSE has issued an update for php4 and php5. This fixes some vulnerabilities, where some have unknown impacts and others can be exploited by malicious, local users to gain escalated privileges, malicious users to bypass certain security restrictions, and by malicious people to cause a DoS (Denial of Service) and potentially execute arbitrary code. Full Advisory: http://secunia.com/advisories/28658/ -- [SA28650] Gentoo update for maradns Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-01-30 Gentoo has issued an update for maradns. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28650/ -- [SA28728] Gentoo update for xdg-utils Critical: Less critical Where: From remote Impact: System access Released: 2008-01-31 Gentoo has issued an update for xdg-utils. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28728/ -- [SA28726] OpenBSD bgplg "cmd" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-31 Alexandr Polyakov and Anton Karpov have reported a vulnerability in OpenBSD bgplg, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28726/ -- [SA28697] Gentoo update for netkit-ftpd Critical: Less critical Where: From remote Impact: DoS Released: 2008-01-30 Gentoo has acknowledged a vulnerability in netkit-ftpd, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28697/ -- [SA28661] AmpJuke "limit" Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-30 ShaFuck31 has reported a vulnerability in AmpJuke, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28661/ -- [SA28648] Avaya Products e2fsprogs Integer Overflow Vulnerabilities Critical: Less critical Where: From remote Impact: DoS, System access Released: 2008-01-25 Avaya has acknowledged some vulnerabilities in multiple Avaya products, which potentially can be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/28648/ -- [SA28645] Mandriva update for ruby Critical: Less critical Where: From remote Impact: Spoofing Released: 2008-01-31 Mandriva has issued an update for ruby. This fixes some security issues, which can be exploited by malicious people to conduct spoofing attacks. Full Advisory: http://secunia.com/advisories/28645/ -- [SA28679] Gentoo update for postgresql Critical: Less critical Where: From local network Impact: Privilege escalation, DoS Released: 2008-01-29 Gentoo has issued an update for postgresql. This fixes some vulnerabilities, which can be exploited by malicious users to gain escalated privileges or to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28679/ -- [SA28676] Fedora update for cups Critical: Less critical Where: From local network Impact: DoS Released: 2008-01-28 Fedora has issued an update for cups. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28676/ -- [SA28738] Ubuntu update for pulseaudio Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-01 Ubuntu has issued an update for pulseaudio. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/28738/ -- [SA28718] rPath update for xorg-x11 Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-01-31 rPath has issued an update for xorg-x11. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28718/ -- [SA28693] Avaya CMS Solaris X Window System and X Server Multiple Vulnerabilities Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-01-29 Avaya has acknowledged some vulnerabilities in Avaya CMS (Call Management System), which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28693/ -- [SA28665] PatchLink Update Client for Unix Insecure Temporary Files Critical: Less critical Where: Local system Impact: Manipulation of data, Privilege escalation Released: 2008-01-30 Larry W. Cashdollar has reported two security issues in the PatchLink Update client for Unix, which can be exploited by malicious, local users to truncate arbitrary files and to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28665/ -- [SA28664] Fedora update for kernel Critical: Less critical Where: Local system Impact: Security Bypass, Manipulation of data Released: 2008-01-29 Fedora has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to bypass certain security restrictions and corrupt a file system. Full Advisory: http://secunia.com/advisories/28664/ -- [SA28672] Gentoo update for blam Critical: Not critical Where: Local system Impact: Privilege escalation Released: 2008-01-28 Gentoo has issued an update for blam. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28672/ -- [SA28654] Linux Kernel minix File System Denial of Service Vulnerability Critical: Not critical Where: Local system Impact: DoS Released: 2008-01-28 A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28654/ Other:-- [SA28667] IBM Hardware Management Console Pegasus CIM Denial of Service Critical: Moderately critical Where: From remote Impact: DoS Released: 2008-01-29 A vulnerability has been reported in IBM HMC, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28667/ -- [SA28690] Yamaha RT Series Routers Cross-Site Request Forgery Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-29 A vulnerability has been reported in Yamaha RT Series Routers, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/28690/ -- [SA28655] F5 BIG-IP Application Security Manager "report_type" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-28 nnposter has reported a vulnerability in F5 BIG-IP Application Security Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28655/ Cross Platform:-- [SA28731] Drupal Project Issue Tracking Module File Upload and Script Insertion Critical: Highly critical Where: From remote Impact: Cross Site Scripting, System access Released: 2008-01-31 Some vulnerabilities have been reported in the Project Issue Tracking module for Drupal, which can be exploited by malicious users to conduct script insertion attacks and compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28731/ -- [SA28704] Connectix Boards "template_path" File Inclusion Vulnerability Critical: Highly critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information, System access Released: 2008-01-30 HouSSaMix has discovered a vulnerability in Connectix Boards, which can be exploited by malicious people to disclose sensitive information or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28704/ -- [SA28685] Smart Publisher "filedata" PHP Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2008-01-30 GoLd_M has reported a vulnerability in Smart Publisher, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28685/ -- [SA28682] Coppermine Photo Gallery Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, System access Released: 2008-01-30 Some vulnerabilities have been reported in Coppermine Photo Gallery, which can be exploited by malicious people to conduct cross-site scripting attacks or to compromise a vulnerable system and by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28682/ -- [SA28652] Mambo LaiThai Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Unknown, Manipulation of data, System access Released: 2008-01-29 Some vulnerabilities have been reported in Mambo LaiThai, some with an unknown impact and others, which can be exploited by malicious people to conduct SQL injection attacks or to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28652/ -- [SA28737] Nilson's Blogger Two Local File Inclusion Vulnerabilities Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-02-01 muuratsalo has discovered two vulnerabilities in Nilson's Blogger, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/28737/ -- [SA28732] Drupal Secure Site Module Security Bypass Vulnerability Critical: Moderately critical Where: From remote Impact: Security Bypass Released: 2008-01-31 A vulnerability has been reported in the Secure Site module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/28732/ -- [SA28729] Drupal Comment Upload Module File Upload Vulnerability Critical: Moderately critical Where: From remote Impact: System access Released: 2008-01-31 A vulnerability has been reported in the Comment Upload Module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28729/ -- [SA28727] PHP Links "id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-01-31 Houssamix has discovered a vulnerability in PHP Links, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28727/ -- [SA28722] VirtueMart File Disclosure and Cross-Site Request Forgery Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-01-31 Two vulnerabilities have been reported in VirtueMart, which can be exploited by malicious people to conduct cross-site request forgery attacks or to disclose sensitive information. Full Advisory: http://secunia.com/advisories/28722/ -- [SA28717] Drupal OpenID Module "claimed_id" Authority Spoofing Critical: Moderately critical Where: From remote Impact: Spoofing Released: 2008-01-31 A vulnerability has been reported in the OpenID module for Drupal, which can be exploited by malicious people to spoof OpenID authorities. Full Advisory: http://secunia.com/advisories/28717/ -- [SA28709] phpCMS "file" File Disclosure Vulnerability Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-01-30 Alexandr Polyakov and Stas Svistunovich have discovered a vulnerability in phpCMS, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/28709/ -- [SA28708] WordPress AdServe Plugin "id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-01-30 enter_the_dragon has discovered a vulnerability in the AdServe plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28708/ -- [SA28702] WordPress WassUp Plugin "to_date" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-01-31 enter_the_dragon has reported a vulnerability in the WassUp plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28702/ -- [SA28691] Bigware Shop "pollid" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-01-30 D4m14n has discovered a vulnerability in Bigware Shop, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28691/ -- [SA28683] WordPress WP-Cal Plugin "id" SQL Injection Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-01-29 Houssamix has discovered a vulnerability in the WP-Cal plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28683/ -- [SA28681] Simple Forum Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-01-29 tomplixsee has discovered some vulnerabilities in Simple Forum, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information. Full Advisory: http://secunia.com/advisories/28681/ -- [SA28670] Mambo Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, Exposure of system information Released: 2008-01-29 AmnPardaz Security Research Team have discovered some vulnerabilities and a weakness in Mambo, which can be exploited by malicious people to disclose system information, conduct cross-site scripting and cross-site request forgery attacks, and to manipulate data. Full Advisory: http://secunia.com/advisories/28670/ -- [SA28656] phpIP Management Two SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data, Exposure of sensitive information Released: 2008-01-28 Charles Hooper has discovered two vulnerabilities in phpIP Management, which can be exploited by malicious people and users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28656/ -- [SA28646] Seagull PHP Framework "files" Information Disclosure Critical: Moderately critical Where: From remote Impact: Exposure of system information, Exposure of sensitive information Released: 2008-01-25 fuzion has discovered a vulnerability in Seagull PHP Framework, which can be exploited by malicious people to disclose sensitive information. Full Advisory: http://secunia.com/advisories/28646/ -- [SA28711] Cisco Wireless Control System Apache Tomcat JK Web Server Connector Buffer Overflow Critical: Moderately critical Where: From local network Impact: System access Released: 2008-01-31 Cisco has acknowledged a vulnerability in Cisco Wireless Control System (WCS), which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28711/ -- [SA28746] Sun Java Runtime Environment External XML Entities Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-02-01 Sun has acknowledged a security issue in Sun Java Runtime Environment (JRE), which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/28746/ -- [SA28742] Liferay Portal Multiple Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting, Spoofing Released: 2008-02-01 Tomasz Kuczynski has reported some vulnerabilities in Liferay Portal, which can be exploited by malicious people to conduct cross-site request forgery and phishing attacks, and by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/28742/ -- [SA28730] Drupal Userpoints Module Cross-Site Request Forgery Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-31 A vulnerability has been reported in the Userpoints module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/28730/ -- [SA28692] Hal Networks Products Cross-Site Scripting Vulnerabilities Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-30 Some vulnerabilities have been reported in Hal Networks products, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28692/ -- [SA28687] Tripwire Enterprise Login Page Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-31 Dave Lewis has reported a vulnerability in Tripwire Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28687/ -- [SA28684] webSPELL Cross-Site Scripting and Request Forgery Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-31 NBBN has discovered two vulnerabilities in webSPELL, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/28684/ -- [SA28680] Nucleus CMS URL Cross-Site Scripting Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-01-30 Alexandr Polyakov and Stas Svistunovich have reported a vulnerability in Nucleus CMS, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28680/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Mon Feb 04 2008 - 00:12:29 PST