[ISN] Secunia Weekly Summary - Issue: 2008-5

From: InfoSec News (alerts@private)
Date: Mon Feb 04 2008 - 00:02:36 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-01-25 - 2008-02-01                        

                       This week: 76 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Weeks Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

The Secunia PSI reached an important milestone - a quarter of a million
users!

Read the full blog:
http://secunia.com/blog/19/

Join the many Secunia PSI users:
https://psi.secunia.com/

========================================================================
2) This Week in Brief:

A highly critical vulnerability has been discovered in MySpace Uploader
Control, which can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error in the
MySpace.Uploader.4.1 ActiveX control (MySpaceUploader.ocx) when
handling strings assigned to the "Action" property. This can be
exploited to cause a stack-based buffer overflow and allow the
execution of arbitrary code by assigning an overly long (greater than
260 characters) string to the affected property.

The vulnerability, which is currently unpatched, is confirmed in
MySpaceUploader.ocx version 1.0.0.5 and reported in version 1.0.0.4.
Other versions may also be affected.

Users are advised to set the kill-bit for the ActiveX control as a
temporary solution.

Reference:
http://secunia.com/advisories/28715/

 -

A highly critical vulnerability has been discovered in the FlashPix
plug-in for the popular image viewer IrfanView, which potentially can
be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the FlashPix plug-in
(fpx.dll) when processing FlashPix (*.fpx) files. This can be exploited
to cause a heap corruption and allow the execution of arbitrary code by
e.g. tricking a user into opening a specially crafted FlashPix file.

The vulnerability, which is currently unpatched, is confirmed in
version 3.9.8.0 of fpx.dll. Other versions may also be affected.

Users are advised to avoid opening untrusted FlashPix (*.fpx) files.

Reference:
http://secunia.com/advisories/28688/

 -

Some moderately critical vulnerabilities have been reported in
Firebird, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially to compromise a vulnerable system.

A boundary error within the processing of usernames can be exploited to
cause a stack-based buffer overflow via an overly long username.
Successful exploitation may allow execution of arbitrary code.

Input validation errors within the processing of network packets can be
exploited to cause the server to crash by sending specially crafted
packets to an affected system.

The vulnerabilities are reported in version 2.0.3, 2.0.2, 2.0.1, 1.5.4,
2.0.0, 1.0.3, and 2.1 Beta 2. The errors in input validation are also
reported in version 1.5.5.

Users are advised to upgrade to version 2.1 RC1, which fixes these
vulnerabilities, as a workaround.

Reference:
http://secunia.com/advisories/28596/

 -

Cisco has acknowledged a moderately critical vulnerability in Cisco
Wireless Control System (WCS), which can be exploited by malicious
people to compromise a vulnerable system.

The vulnerability, which is related to a previously-known vulnerability
in Apache Tomcat JK Web Server Connector, can be exploited by malicious
people to compromise a vulnerable system. Successful exploitation
allows execution of arbitrary code.

The vulnerability affects versions 3.x and 4.0.x prior to 4.0.100.0,
and 4.1.x and 4.2.x prior to to version 4.2.62.0. Users are advised to
upgrade to the latest secure versions made available by the vendor.

Reference:
http://secunia.com/advisories/28711/

 --

VIRUS ALERTS:

During the past week Secunia collected 170 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Weeks Top Ten Most Read Advisories:

1.  [SA28630] phpBB Private Message Deletion Cross-Site Request Forgery
2.  [SA28575] International Components for Unicode Regular Expressions
              Vulnerabilities
3.  [SA28647] Move Networks Upgrade Manager Upgrade Class ActiveX
              Control Buffer Overflow
4.  [SA28636] SUSE Update for Multiple Packages
5.  [SA28615] Red Hat update for icu
6.  [SA28635] Docsvault Firebird Service Buffer Overflow
              Vulnerabilities
7.  [SA28646] Seagull PHP Framework "files" Information Disclosure
8.  [SA28644] ImageShack Toolbar FileUploader Class ActiveX Control
              "BuildSlideShow()" Insecure Method
9.  [SA28628] Fedora update for kernel
10. [SA28641] Tiger Php News System "catid" SQL Injection

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA28733] Aurigma Image Uploader ActiveX Control "Action" Property
Buffer Overflow
[SA28724] SwiftView Viewer ActiveX Control/Plug-in Buffer Overflows
[SA28715] MySpace Uploader Control ActiveX Control "Action" Property
Buffer Overflow
[SA28710] GFL SDK Radiance RGBE Buffer Overflow Vulnerability
[SA28688] IrfanView FlashPix Plug-in Memory Corruption Vulnerability
[SA28660] Persits Software XUpload "AddFile()" Method Buffer Overflows
[SA28649] NamoInstaller ActiveX Control NamoInstall Class "Install()"
Insecure Method
[SA28647] Move Networks Upgrade Manager Upgrade Class ActiveX Control
Buffer Overflow
[SA28662] CandyPress Store SQL Injection and Cross-Site Scripting
[SA28653] ASPired2Protect login.asp SQL Injection Vulnerabilities
[SA28651] Pre Dynamic Institution Multiple SQL Injection
Vulnerabilities
[SA28689] IBM Informix Storage Manager XDR Library Multiple
Vulnerabilities
[SA28663] Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing
Buffer Overflow
[SA28735] Uniwin eCart Professional "rp" Cross-Site Scripting
Vulnerability
[SA28695] BitTorrent Web UI HTTP Request "Range" Header Processing
Denial of Service
[SA28686] uTorrent Web UI HTTP Request "Range" Header Processing Denial
of Service
[SA28675] SoftCart Multiple Cross-Site Scripting Vulnerabilities
[SA28678] Proficy Real-Time Information Portal "Add WebSource" File
Upload Vulnerability

UNIX/Linux:
[SA28725] Gnumeric XLS HLINK Opcode Processing Code Execution
Vulnerability
[SA28719] Gentoo update for peercast
[SA28671] Debian update for yarssr
[SA28720] Gentoo update for kazehakase
[SA28716] Gentoo update for libxml2
[SA28714] Gentoo update for goffice
[SA28674] Gentoo update for xine-lib
[SA28673] Gentoo update for ngircd
[SA28669] Fedora update for icu
[SA28666] Fedora update for xine-lib
[SA28658] SUSE update for php4 and php5
[SA28650] Gentoo update for maradns
[SA28728] Gentoo update for xdg-utils
[SA28726] OpenBSD bgplg "cmd" Cross-Site Scripting Vulnerability
[SA28697] Gentoo update for netkit-ftpd
[SA28661] AmpJuke "limit" Cross-Site Scripting Vulnerability
[SA28648] Avaya Products e2fsprogs Integer Overflow Vulnerabilities
[SA28645] Mandriva update for ruby
[SA28679] Gentoo update for postgresql
[SA28676] Fedora update for cups
[SA28738] Ubuntu update for pulseaudio
[SA28718] rPath update for xorg-x11
[SA28693] Avaya CMS Solaris X Window System and X Server Multiple
Vulnerabilities
[SA28665] PatchLink Update Client for Unix Insecure Temporary Files
[SA28664] Fedora update for kernel
[SA28672] Gentoo update for blam
[SA28654] Linux Kernel minix File System Denial of Service
Vulnerability

Other:
[SA28667] IBM Hardware Management Console Pegasus CIM Denial of
Service
[SA28690] Yamaha RT Series Routers Cross-Site Request Forgery
Vulnerability
[SA28655] F5 BIG-IP Application Security Manager "report_type"
Cross-Site Scripting

Cross Platform:
[SA28731] Drupal Project Issue Tracking Module File Upload and Script
Insertion
[SA28704] Connectix Boards "template_path" File Inclusion
Vulnerability
[SA28685] Smart Publisher "filedata" PHP Code Execution
[SA28682] Coppermine Photo Gallery Multiple Vulnerabilities
[SA28652] Mambo LaiThai Multiple Vulnerabilities
[SA28737] Nilson's Blogger Two Local File Inclusion Vulnerabilities
[SA28732] Drupal Secure Site Module Security Bypass Vulnerability
[SA28729] Drupal Comment Upload Module File Upload Vulnerability
[SA28727] PHP Links "id" SQL Injection Vulnerability
[SA28722] VirtueMart File Disclosure and Cross-Site Request Forgery
Vulnerabilities
[SA28717] Drupal OpenID Module "claimed_id" Authority Spoofing
[SA28709] phpCMS "file" File Disclosure Vulnerability
[SA28708] WordPress AdServe Plugin "id" SQL Injection
[SA28702] WordPress WassUp Plugin "to_date" SQL Injection
Vulnerability
[SA28691] Bigware Shop "pollid" SQL Injection Vulnerability
[SA28683] WordPress WP-Cal Plugin "id" SQL Injection
[SA28681] Simple Forum Multiple Vulnerabilities
[SA28670] Mambo Multiple Vulnerabilities
[SA28656] phpIP Management Two SQL Injection Vulnerabilities
[SA28646] Seagull PHP Framework "files" Information Disclosure
[SA28711] Cisco Wireless Control System Apache Tomcat JK Web Server
Connector Buffer Overflow
[SA28746] Sun Java Runtime Environment External XML Entities Security
Bypass
[SA28742] Liferay Portal Multiple Vulnerabilities
[SA28730] Drupal Userpoints Module Cross-Site Request Forgery
Vulnerability
[SA28692] Hal Networks Products Cross-Site Scripting Vulnerabilities
[SA28687] Tripwire Enterprise Login Page Cross-Site Scripting
Vulnerability
[SA28684] webSPELL Cross-Site Scripting and Request Forgery
[SA28680] Nucleus CMS URL Cross-Site Scripting Vulnerability

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA28733] Aurigma Image Uploader ActiveX Control "Action" Property
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-01

Elazar Broad has discovered a vulnerability in Aurigma Image Uploader,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28733/

 --

[SA28724] SwiftView Viewer ActiveX Control/Plug-in Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-31

Will Dormann has reported some vulnerabilities in SwiftView Viewer,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28724/

 --

[SA28715] MySpace Uploader Control ActiveX Control "Action" Property
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-31

Elazar Broad has discovered a vulnerability in MySpace Uploader
Control, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/28715/

 --

[SA28710] GFL SDK Radiance RGBE Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-30

Secunia Research has discovered a vulnerability in GFL SDK, which can
be exploited by malicious people to compromise an application using the
library.

Full Advisory:
http://secunia.com/advisories/28710/

 --

[SA28688] IrfanView FlashPix Plug-in Memory Corruption Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-29

Marsu has discovered a vulnerability in the FlashPix plug-in for
IrfanView, which potentially can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28688/

 --

[SA28660] Persits Software XUpload "AddFile()" Method Buffer Overflows

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-29

Some vulnerabilities have been discovered in Persits Software XUpload,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28660/

 --

[SA28649] NamoInstaller ActiveX Control NamoInstall Class "Install()"
Insecure Method

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-28

plan-s has discovered a vulnerability in NamoInstaller ActiveX Control,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28649/

 --

[SA28647] Move Networks Upgrade Manager Upgrade Class ActiveX Control
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-25

Elazar Broad has discovered a vulnerability in Move Networks Upgrade
Manager, which can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/28647/

 --

[SA28662] CandyPress Store SQL Injection and Cross-Site Scripting

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information
Released:    2008-01-28

Some vulnerabilities have been reported in CandyPress Store, which can
be exploited by malicious people to conduct cross-site scripting and
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28662/

 --

[SA28653] ASPired2Protect login.asp SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-01-29

Aria-Security Team has reported some vulnerabilities in
ASPired2Protect, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28653/

 --

[SA28651] Pre Dynamic Institution Multiple SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-01-28

Aria-Security Team have reported some vulnerabilities in Pre Dynamic
Institution, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/28651/

 --

[SA28689] IBM Informix Storage Manager XDR Library Multiple
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-01-29

IBM has acknowledged some vulnerabilities in Informix Storage Manager,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28689/

 --

[SA28663] Proficy HMI/SCADA - CIMPLICITY w32rtr.exe Packet Processing
Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-01-28

Eyal Udassin has reported a vulnerability in Proficy HMI/SCADA -
CIMPLICITY, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28663/

 --

[SA28735] Uniwin eCart Professional "rp" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-01

sascha has reported a vulnerability in Uniwin eCart Professional, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/28735/

 --

[SA28695] BitTorrent Web UI HTTP Request "Range" Header Processing
Denial of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-01-29

Luigi Auriemma has discovered a vulnerability in BitTorrent, which can
be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28695/

 --

[SA28686] uTorrent Web UI HTTP Request "Range" Header Processing Denial
of Service

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-01-29

Luigi Auriemma has discovered a vulnerability in uTorrent, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28686/

 --

[SA28675] SoftCart Multiple Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-30

Russ McRee has reported some vulnerabilities in SoftCart, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28675/

 --

[SA28678] Proficy Real-Time Information Portal "Add WebSource" File
Upload Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2008-01-28

Eyal Udassin has reported a vulnerability in Proficy Real-Time
Information Portal, which can be exploited by malicious users to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28678/


UNIX/Linux:--

[SA28725] Gnumeric XLS HLINK Opcode Processing Code Execution
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-31

A vulnerability has been reported in Gnumeric, which can be exploited
by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28725/

 --

[SA28719] Gentoo update for peercast

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-01-31

Gentoo has issued an update for peercast. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28719/

 --

[SA28671] Debian update for yarssr

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-28

Debian has issued an update for yarssr. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28671/

 --

[SA28720] Gentoo update for kazehakase

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-01-31

Gentoo has issued an update for kazehakase. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), disclose potentially sensitive information,
and compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28720/

 --

[SA28716] Gentoo update for libxml2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-01-31

Gentoo has issued an update for libxml2. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28716/

 --

[SA28714] Gentoo update for goffice

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-01-31

Gentoo has issued an update for goffice. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service), disclose potentially sensitive information,
and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28714/

 --

[SA28674] Gentoo update for xine-lib

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-01-28

Gentoo has issued an update for xine-lib. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/28674/

 --

[SA28673] Gentoo update for ngircd

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-01-28

Gentoo has issued an update for ngircd. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28673/

 --

[SA28669] Fedora update for icu

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-01-28

Fedora has issued an update for icu. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28669/

 --

[SA28666] Fedora update for xine-lib

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-01-29

Fedora has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28666/

 --

[SA28658] SUSE update for php4 and php5

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS, System access
Released:    2008-01-29

SUSE has issued an update for php4 and php5. This fixes some
vulnerabilities, where some have unknown impacts and others can be
exploited by malicious, local users to gain escalated privileges,
malicious users to bypass certain security restrictions, and by
malicious people to cause a DoS (Denial of Service) and potentially
execute arbitrary code.

Full Advisory:
http://secunia.com/advisories/28658/

 --

[SA28650] Gentoo update for maradns

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-01-30

Gentoo has issued an update for maradns. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28650/

 --

[SA28728] Gentoo update for xdg-utils

Critical:    Less critical
Where:       From remote
Impact:      System access
Released:    2008-01-31

Gentoo has issued an update for xdg-utils. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28728/

 --

[SA28726] OpenBSD bgplg "cmd" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-31

Alexandr Polyakov and Anton Karpov have reported a vulnerability in
OpenBSD bgplg, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28726/

 --

[SA28697] Gentoo update for netkit-ftpd

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-01-30

Gentoo has acknowledged a vulnerability in netkit-ftpd, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28697/

 --

[SA28661] AmpJuke "limit" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-30

ShaFuck31 has reported a vulnerability in AmpJuke, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28661/

 --

[SA28648] Avaya Products e2fsprogs Integer Overflow Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-01-25

Avaya has acknowledged some vulnerabilities in multiple Avaya products,
which potentially can be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/28648/

 --

[SA28645] Mandriva update for ruby

Critical:    Less critical
Where:       From remote
Impact:      Spoofing
Released:    2008-01-31

Mandriva has issued an update for ruby. This fixes some security
issues, which can be exploited by malicious people to conduct spoofing
attacks.

Full Advisory:
http://secunia.com/advisories/28645/

 --

[SA28679] Gentoo update for postgresql

Critical:    Less critical
Where:       From local network
Impact:      Privilege escalation, DoS
Released:    2008-01-29

Gentoo has issued an update for postgresql. This fixes some
vulnerabilities, which can be exploited by malicious users to gain
escalated privileges or to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28679/

 --

[SA28676] Fedora update for cups

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-01-28

Fedora has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28676/

 --

[SA28738] Ubuntu update for pulseaudio

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-01

Ubuntu has issued an update for pulseaudio. This fixes a security
issue, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/28738/

 --

[SA28718] rPath update for xorg-x11

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-01-31

rPath has issued an update for xorg-x11. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28718/

 --

[SA28693] Avaya CMS Solaris X Window System and X Server Multiple
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-01-29

Avaya has acknowledged some vulnerabilities in Avaya CMS (Call
Management System), which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28693/

 --

[SA28665] PatchLink Update Client for Unix Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data, Privilege escalation
Released:    2008-01-30

Larry W. Cashdollar has reported two security issues in the PatchLink
Update client for Unix, which can be exploited by malicious, local
users to truncate arbitrary files and to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28665/

 --

[SA28664] Fedora update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Manipulation of data
Released:    2008-01-29

Fedora has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to bypass certain
security restrictions and corrupt a file system.

Full Advisory:
http://secunia.com/advisories/28664/

 --

[SA28672] Gentoo update for blam

Critical:    Not critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-01-28

Gentoo has issued an update for blam. This fixes a security issue,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28672/

 --

[SA28654] Linux Kernel minix File System Denial of Service
Vulnerability

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-01-28

A vulnerability has been reported in the Linux Kernel, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28654/


Other:--

[SA28667] IBM Hardware Management Console Pegasus CIM Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-01-29

A vulnerability has been reported in IBM HMC, which can be exploited by
malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28667/

 --

[SA28690] Yamaha RT Series Routers Cross-Site Request Forgery
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-29

A vulnerability has been reported in Yamaha RT Series Routers, which
can be exploited by malicious people to conduct cross-site request
forgery attacks.

Full Advisory:
http://secunia.com/advisories/28690/

 --

[SA28655] F5 BIG-IP Application Security Manager "report_type"
Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-28

nnposter has reported a vulnerability in F5 BIG-IP Application Security
Manager, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28655/


Cross Platform:--

[SA28731] Drupal Project Issue Tracking Module File Upload and Script
Insertion

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, System access
Released:    2008-01-31

Some vulnerabilities have been reported in the Project Issue Tracking
module for Drupal, which can be exploited by malicious users to conduct
script insertion attacks and compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28731/

 --

[SA28704] Connectix Boards "template_path" File Inclusion
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-01-30

HouSSaMix has discovered a vulnerability in Connectix Boards, which can
be exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28704/

 --

[SA28685] Smart Publisher "filedata" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-01-30

GoLd_M has reported a vulnerability in Smart Publisher, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28685/

 --

[SA28682] Coppermine Photo Gallery Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, System access
Released:    2008-01-30

Some vulnerabilities have been reported in Coppermine Photo Gallery,
which can be exploited by malicious people to conduct cross-site
scripting attacks or to compromise a vulnerable system and by malicious
users to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28682/

 --

[SA28652] Mambo LaiThai Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Manipulation of data, System access
Released:    2008-01-29

Some vulnerabilities have been reported in Mambo LaiThai, some with an
unknown impact and others, which can be exploited by malicious people
to conduct SQL injection attacks or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28652/

 --

[SA28737] Nilson's Blogger Two Local File Inclusion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-02-01

muuratsalo has discovered two vulnerabilities in Nilson's Blogger,
which can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/28737/

 --

[SA28732] Drupal Secure Site Module Security Bypass Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-01-31

A vulnerability has been reported in the Secure Site module for Drupal,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/28732/

 --

[SA28729] Drupal Comment Upload Module File Upload Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-01-31

A vulnerability has been reported in the Comment Upload Module for
Drupal, which can be exploited by malicious users to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/28729/

 --

[SA28727] PHP Links "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-01-31

Houssamix has discovered a vulnerability in PHP Links, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28727/

 --

[SA28722] VirtueMart File Disclosure and Cross-Site Request Forgery
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-01-31

Two vulnerabilities have been reported in VirtueMart, which can be
exploited by malicious people to conduct cross-site request forgery
attacks or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28722/

 --

[SA28717] Drupal OpenID Module "claimed_id" Authority Spoofing

Critical:    Moderately critical
Where:       From remote
Impact:      Spoofing
Released:    2008-01-31

A vulnerability has been reported in the OpenID module for Drupal,
which can be exploited by malicious people to spoof OpenID
authorities.

Full Advisory:
http://secunia.com/advisories/28717/

 --

[SA28709] phpCMS "file" File Disclosure Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-01-30

Alexandr Polyakov and Stas Svistunovich have discovered a vulnerability
in phpCMS, which can be exploited by malicious people to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/28709/

 --

[SA28708] WordPress AdServe Plugin "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-01-30

enter_the_dragon has discovered a vulnerability in the AdServe plugin
for WordPress, which can be exploited by malicious people to conduct
SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28708/

 --

[SA28702] WordPress WassUp Plugin "to_date" SQL Injection
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-01-31

enter_the_dragon has reported a vulnerability in the WassUp plugin for
WordPress, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/28702/

 --

[SA28691] Bigware Shop "pollid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-01-30

D4m14n has discovered a vulnerability in Bigware Shop, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28691/

 --

[SA28683] WordPress WP-Cal Plugin "id" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-01-29

Houssamix has discovered a vulnerability in the WP-Cal plugin for
WordPress, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/28683/

 --

[SA28681] Simple Forum Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-01-29

tomplixsee has discovered some vulnerabilities in Simple Forum, which
can be exploited by malicious people to conduct cross-site scripting
attacks or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28681/

 --

[SA28670] Mambo Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
system information
Released:    2008-01-29

AmnPardaz Security Research Team have discovered some vulnerabilities
and a weakness in Mambo, which can be exploited by malicious people to
disclose system information, conduct cross-site scripting and
cross-site request forgery attacks, and to manipulate data.

Full Advisory:
http://secunia.com/advisories/28670/

 --

[SA28656] phpIP Management Two SQL Injection Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-01-28

Charles Hooper has discovered two vulnerabilities in phpIP Management,
which can be exploited by malicious people and users to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/28656/

 --

[SA28646] Seagull PHP Framework "files" Information Disclosure

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-01-25

fuzion has discovered a vulnerability in Seagull PHP Framework, which
can be exploited by malicious people to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/28646/

 --

[SA28711] Cisco Wireless Control System Apache Tomcat JK Web Server
Connector Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-01-31

Cisco has acknowledged a vulnerability in Cisco Wireless Control System
(WCS), which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/28711/

 --

[SA28746] Sun Java Runtime Environment External XML Entities Security
Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-02-01

Sun has acknowledged a security issue in Sun Java Runtime Environment
(JRE), which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/28746/

 --

[SA28742] Liferay Portal Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Spoofing
Released:    2008-02-01

Tomasz Kuczynski has reported some vulnerabilities in Liferay Portal,
which can be exploited by malicious people to conduct cross-site
request forgery and phishing attacks, and by malicious users to conduct
script insertion attacks.

Full Advisory:
http://secunia.com/advisories/28742/

 --

[SA28730] Drupal Userpoints Module Cross-Site Request Forgery
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-31

A vulnerability has been reported in the Userpoints module for Drupal,
which can be exploited by malicious people to conduct cross-site
request forgery attacks.

Full Advisory:
http://secunia.com/advisories/28730/

 --

[SA28692] Hal Networks Products Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-30

Some vulnerabilities have been reported in Hal Networks products, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/28692/

 --

[SA28687] Tripwire Enterprise Login Page Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-31

Dave Lewis has reported a vulnerability in Tripwire Enterprise, which
can be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/28687/

 --

[SA28684] webSPELL Cross-Site Scripting and Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-31

NBBN has discovered two vulnerabilities in webSPELL, which can be
exploited by malicious people to conduct cross-site scripting and
cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/28684/

 --

[SA28680] Nucleus CMS URL Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-01-30

Alexandr Polyakov and Stas Svistunovich have reported a vulnerability
in Nucleus CMS, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28680/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Mon Feb 04 2008 - 00:12:29 PST