[ISN] Secunia Weekly Summary - Issue: 2008-7

From: InfoSec News (alerts@private)
Date: Fri Feb 15 2008 - 00:09:07 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-02-07 - 2008-02-14                        

                       This week: 118 advisories                       

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3...............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia invites you to join us in the biggest IT Expo event of the year
- the RSA Conference in the Moscone Center, San Francisco, California
from 7 to 11 April 2008. If you are interested in going to the expo
exhibit and meeting us, please contact your Secunia Account Executive
for a FREE EXPO PASS!

========================================================================
2) This Week in Brief:

Two highly critical vulnerabilities have been reported in ClamAV, which
can be exploited by malicious people to cause a Denial of Service or
potentially compromise a vulnerable system.

An integer overflow error within the "cli_scanpe()" function in
libclamav/pe.c can be exploited to cause a heap-based buffer overflow
via a specially crafted PE file. Another error within the "unmew11()"
function in libclamav/mew.c can be exploited to corrupt heap memory.

Successful exploitation of these vulnerabilities may allow execution of
arbitrary code. The vendor has released version 0.92.1 to resolve these
issues.

For more information, refer to:
http://secunia.com/advisories/28907/

 --

Some vulnerabilities have been reported in Cisco Unified IP Phone
models, which can be exploited by malicious users to compromise a
vulnerable device or by malicious people to cause a DoS (Denial of
Service) and compromise a vulnerable device.

Several boundary errors within the internal SSH server, in the parsing
of DNS responses, and in the handling of MIME encoded data can be
exploited to cause buffer overflows and may allow execution of
arbitrary code.

A boundary error within the internal telnet server can be exploited to
cause a buffer overflow via a specially crafted command. Successful
exploitation may allow execution of arbitrary code but requires that
the telnet server is enabled, which is not the default setting.

A boundary error in the handling of challenge/response messages from an
SIP proxy can be exploited to cause a heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code but
requires, for example, control of an SIP proxy.

Errors in the handling of ICMP echo request packets and within the
internal HTTP server when handling HTTP requests can be exploited to
cause a device to reboot via an overly large ICMP echo request packet
and a specially crafted HTTP request, respectively.

The vulnerabilities affect a variety of devices running SCCP and SIP
firmware. The vendor has released firmware updates to resolve these
problems.

For more information, refer to:
http://secunia.com/advisories/28935/

 --

Apple has issued Mac OS X 10.5.2, a security update for Mac OS X, which
fixes multiple vulnerabilities and weaknesses. These include:

An unspecified error within Foundation in Safari's handling of URLs.
This can be exploited to cause a memory corruption when a user is
enticed to access a specially crafted URL and may allow execution of
arbitrary code.

A weakness that is due to Launch Services allowing users to start
uninstalled applications from a Time Machine Backup.

An error in the handling of file:// URLs in Mail, which can be
exploited to execute arbitrary applications without warning when a user
is enticed to click on a URL within a message.

An unspecified error within NFS when handling mbuf chains, which can be
exploited to cause a memory corruption and allow system shutdown and
potential execution of arbitrary code.

A problem within Parental Controls, in which Parental Controls contacts
www.apple.com when a site is unblocked, allowing for detection of
computers running Parental Controls.

An input validation error in Terminal when processing URL schemes,
which can be exploited to launch an application with arbitrary command
line parameters and may allow execution of arbitrary code when a user
visits a specially crafted web page.

An error in X11, which causes certain settings ("Allow connections from
network client") not to be applied.

Other known vulnerabilities in third-party components used by Mac OS X,
such as Samba and X11 X Font Server, are also fixed in this release.

For more information, refer to:
http://secunia.com/advisories/28891/

 --

Some vulnerabilities and weaknesses have been fixed in the latest
version of Mozilla Firefox, which can be exploited by malicious people
to disclose sensitive information, bypass certain security
restrictions, conduct spoofing attacks, or to compromise a user's
system.

Various errors have been fixed in Firefox's browser engine and
JavaScript engine, which can be exploited to cause a memory corruption
and allow the execution of arbitrary code.

A weakness due to a design error within the focus handling, which can
potentially be exploited to trick a user into uploading arbitrary
files, has also been fixed.

An error in the handling of images when a user leaves a page, which
uses "designMode" frames, can be exploited to disclose the user's
navigation history, forward navigation information, and to cause a
memory corruption. Successful exploitation of this vulnerability may
allow execution of arbitrary code.

A design error related to timer-enabled dialogs can be exploited to
trick a user into unintentionally confirming a security dialog.

A problem in Firefox, which follows "302" redirects for stylesheets and
allows reading the target URL via "element.sheet.href", can potentially
be exploited to disclose sensitive URL parameters.

The vulnerabilities are reported in versions prior to 2.0.0.12. Users
are advised to download the updated version immediately.

For more information, refer to:
http://secunia.com/advisories/28758/

To find out if your home computer is vulnerable to any of these
security problems, scan using the free Personal Software Inspector:
https://psi.secunia.com/

Check if a vulnerable version is installed on computers in your
corporate network, using the Network Software Inspector:
http://secunia.com/network/software_inspector/

 --

Microsoft released eleven security bulletins for February, three of
which have been rated by Secunia as less critical issues, with the rest
as highly critical issues.

The updates include some Denial of Service conditions for Microsoft
Active Directory and Windows Vista; a privilege escalation and a
system compromise issue for Microsoft IIS; two highly critical system
compromise vulnerabilities in the Windows operating system; four highly
critical vulnerabilities due to parsing and calculation errors in
Microsoft Office; and a security update for Internet Explorer.

Users are urged to visit Microsoft Update to patch their systems as
soon as possible.

For more information, refer to:
http://secunia.com/advisories/28764/
http://secunia.com/advisories/28828/
http://secunia.com/advisories/28849/
http://secunia.com/advisories/28893/
http://secunia.com/advisories/28894/
http://secunia.com/advisories/28902/
http://secunia.com/advisories/28901/
http://secunia.com/advisories/28903/
http://secunia.com/advisories/28904/
http://secunia.com/advisories/28906/
http://secunia.com/advisories/28909/

 --

VIRUS ALERTS:

During the past week Secunia collected 155 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities
2.  [SA28758] Mozilla Firefox Multiple Vulnerabilities
3.  [SA28802] Adobe Reader/Acrobat Multiple Vulnerabilities
4.  [SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities
5.  [SA28795] Sun JRE Applet Handling Two Vulnerabilities
6.  [SA28808] Mozilla Thunderbird Multiple Vulnerabilities
7.  [SA28804] UltraVNC vncviewer Multiple Buffer Overflow
              Vulnerabilities
8.  [SA28766] Red Hat update for seamonkey
9.  [SA28853] Symantec Ghost Solution Suite Client Command Execution
              Vulnerability
10. [SA28820] VPN-1 SecuRemote/SecureClient NGX R60 and NGAI R56
              Information Disclosure

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA28909] Microsoft Office Object Parsing Memory Corruption
Vulnerability
[SA28906] Microsoft Office Publisher File Parsing Vulnerabilities
[SA28904] Microsoft Works File Converter File Parsing Vulnerabilities
[SA28903] Microsoft Internet Explorer Multiple Vulnerabilities
[SA28902] Microsoft Windows OLE Automation Memory Corruption
[SA28901] Microsoft Word File Information Block Memory Corruption
[SA28894] Microsoft WebDAV Mini-Redirector Pathname Buffer Overflow
[SA28893] Microsoft Internet Information Services Code Execution
Vulnerability
[SA28855] jetAudio ASX Parsing Buffer Overflow Vulnerability
[SA28854] Sony ImageStation AxRUploadControl ActiveX Control
"SetLogging()" Buffer Overflow
[SA28863] SafeNet Sentinel Protection Server/Key Server Directory
Traversal Vulnerability
[SA28842] Husrev BlackBoard "forumid" SQL Injection Vulnerability
[SA28905] RPM Remote Print Manager Service "Receive data file" Buffer
Overflow
[SA28895] Novell Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow
[SA28890] Larson Network Print Server Format String and Buffer Overflow
Vulnerabilities
[SA28870] cyan soft Products Format String and Denial of Service
Vulnerabilities
[SA28945] Adobe RoboHelp Cross-Site Scripting Vulnerability
[SA28908] Beyond! Job Board "FKeywords" Cross-Site Scripting
Vulnerability
[SA28882] Tendenci CMS search.asp Cross-Site Scripting Vulnerabilities
[SA28934] Intermate WinIPDS Directory Traversal and Denial of Service
Vulnerabilities
[SA28862] ExtremeZ-IP File and Print Server Multiple Vulnerabilities
[SA28853] Symantec Ghost Solution Suite Client Command Execution
Vulnerability
[SA28975] Fortinet FortiClient Privilege Escalation Vulnerability
[SA28849] Microsoft Internet Information Services Privilege Escalation

UNIX/Linux:
[SA28956] Debian update for mplayer
[SA28948] Gentoo update for gnumeric
[SA28939] Fedora update for firefox, seamonkey, and gtkmozembedmm
[SA28924] Fedora update for firefox, seamonkey, gtkmozembedmm, and
Miro
[SA28918] Fedora update for xine-lib
[SA28913] Fedora update for clamav
[SA28907] ClamAV Multiple Vulnerabilities
[SA28898] Gentoo update for gallery
[SA28891] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities
[SA28888] Red Hat update for java-1.5.0-sun
[SA28879] Debian update for xulrunner
[SA28877] rPath update for firefox
[SA28865] Debian update for icedove
[SA28864] Debian update for iceweasel
[SA28845] Mandriva update for gd
[SA28839] Ubuntu update for firefox
[SA28979] FreeBSD update for ipsec
[SA28960] Fedora update for glib2
[SA28959] Graphviz GD GIF Handling Buffer Overflow Vulnerability
[SA28954] rPath update for tk
[SA28930] Debian update for nagios-plugins
[SA28915] Fedora update for tomcat5
[SA28911] ikiwiki Two Script Insertion Vulnerabilities
[SA28897] Gentoo update for horde-imp
[SA28869] rPath update for SDL_image
[SA28867] Debian update for tk8.4
[SA28866] Fedora update for graphviz
[SA28857] Debian update for tk8.3
[SA28850] Mandriva update for SDL_image
[SA28848] Mandriva update for tk
[SA28838] SUSE Update for Multiple Packages
[SA28837] Debian update for sdl-image1.2
[SA28971] Ubuntu update for kernel
[SA28965] HP-UX update for Apache
[SA28951] OpenCA Cross-Site Request Forgery Vulnerability
[SA28920] Fedora update for wordpress
[SA28916] Fedora update for mailman
[SA28871] Debian update for phpbb2
[SA28860] rPath update for boost
[SA28953] rPath update for openldap
[SA28926] OpenLDAP modrdn Denial of Service Vulnerability
[SA28914] Fedora update for openldap
[SA28952] Gentoo update for pulseaudio
[SA28944] Gentoo update for scponly
[SA28941] Avaya CMS Sun Solaris X Window System and X Server
Vulnerabilities
[SA28937] Red Hat update for kernel
[SA28933] Ubuntu update for kernel
[SA28931] Sun Solaris 10 Language Input Methods Security Issue
[SA28925] rPath update for kernel
[SA28917] Fedora update for duplicity
[SA28912] Fedora update for kernel-xen
[SA28896] Fedora update for kernel
[SA28889] SUSE update for kernel
[SA28885] NX Server X11 Multiple Vulnerabilities
[SA28875] Debian update for linux-2.6
[SA28858] Mandriva update for kernel
[SA28856] Website META Language Insecure Temporary Files
[SA28843] OpenBSD update for X.Org
[SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities
[SA28928] FreeBSD "sendfile" Information Disclosure Security Issue
[SA28921] Sun Solaris USB Mouse STREAMS Module Local Denial of Service

Other:
[SA28935] Cisco Unified IP Phone Multiple Vulnerabilities
[SA28932] Cisco Unified Communications Manager "key" SQL Injection

Cross Platform:
[SA28946] Adobe Flash Media Server Edge Server Multiple
Vulnerabilities
[SA28886] SAPID CMF "last_module" PHP Code Execution
[SA28874] Open-Realty "last_module" PHP Code Execution
[SA28859] PacerCMS "last_module" PHP Code Execution
[SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities
[SA28836] PowerNews Multiple Vulnerabilities
[SA28969] JSPWiki Multiple Vulnerabilities
[SA28950] AuraCMS "albums" SQL Injection Vulnerability
[SA28929] iTheora "url" Disclosure of Sensitive Information
[SA28927] artmedic weblog Multiple Vulnerabilities
[SA28923] PCRE Character Class Buffer Overflow
[SA28892] Ajax Simple Chat Script Insertion Vulnerability
[SA28887] ITechBids "item_id" SQL Injection Vulnerability
[SA28883] Joomla! Rapid Recipe Component Two SQL Injection
Vulnerabilities
[SA28878] Apache Tomcat Multiple Vulnerabilities
[SA28873] Journalness "last_module" PHP Code Execution
[SA28872] Cacti Multiple Vulnerabilities
[SA28861] Joomla! XML-RPC / Blogger API Vulnerability
[SA28847] PHParanoid Cross-Site Request Forgery and Security Bypass
[SA28846] IEA Products Management Web Server Memory Corruption
Vulnerability
[SA28947] Adobe Connect Enterprise Server Flash Media Server
Vulnerabilities
[SA28919] F-Secure Products CAB and RAR Archives Security Bypass
[SA28900] Simple Machines Forum SMF Shoutbox Mod Script Insertion
[SA28899] MercuryBoard "message" Cross-Site Scripting
[SA28884] Apache Tomcat Cookie Handling Session ID Disclosure
[SA28881] Loris Hotel Reservation System "hotel_name" Cross-Site
Scripting
[SA28876] Drupal Header Image Module Security Bypass Vulnerability
[SA28852] Serendipity Freetag Plugin Tag Name Cross-Site Scripting
[SA28844] HP Select Identity Multiple Unspecified Vulnerabilities
[SA28841] Sift Unity "qt" Cross-Site Scripting
[SA28840] MODx Cross-Site Scripting and Cross-Site Request Forgery

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA28909] Microsoft Office Object Parsing Memory Corruption
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Office, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28909/

 --

[SA28906] Microsoft Office Publisher File Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Some vulnerabilities have been reported in Microsoft Office Publisher,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28906/

 --

[SA28904] Microsoft Works File Converter File Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Some vulnerabilities have been reported in Microsoft Office and
Microsoft Works, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28904/

 --

[SA28903] Microsoft Internet Explorer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Some vulnerabilities have been reported in Internet Explorer, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28903/

 --

[SA28902] Microsoft Windows OLE Automation Memory Corruption

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28902/

 --

[SA28901] Microsoft Word File Information Block Memory Corruption

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Word, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28901/

 --

[SA28894] Microsoft WebDAV Mini-Redirector Pathname Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28894/

 --

[SA28893] Microsoft Internet Information Services Code Execution
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Internet Information
Services (IIS), which can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28893/

 --

[SA28855] jetAudio ASX Parsing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

Laurent Gaffie has discovered a vulnerability in jetAudio, which can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28855/

 --

[SA28854] Sony ImageStation AxRUploadControl ActiveX Control
"SetLogging()" Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

david130490 has discovered a vulnerability in Sony ImageStation
AxRUploadControl Object ActiveX control, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28854/

 --

[SA28863] SafeNet Sentinel Protection Server/Key Server Directory
Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-02-12

Luigi Auriemma has discovered a vulnerability in SafeNet Sentinel
Protection Server and Key Server, which can be exploited by malicious
people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28863/

 --

[SA28842] Husrev BlackBoard "forumid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-02-11

Cr@zy_King has discovered a vulnerability in Husrev BlackBoard, which
can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28842/

 --

[SA28905] RPM Remote Print Manager Service "Receive data file" Buffer
Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-02-12

Luigi Auriemma has discovered a vulnerability in RPM Remote Print
Manager, which potentially can be exploited by malicious people to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28905/

 --

[SA28895] Novell Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Novell Client, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28895/

 --

[SA28890] Larson Network Print Server Format String and Buffer Overflow
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-02-12

Luigi Auriemma has discovered two vulnerabilities in Larson Network
Print Server, which can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28890/

 --

[SA28870] cyan soft Products Format String and Denial of Service
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-02-11

Luigi Auriemma has discovered some vulnerabilities in cyan soft
products, which can be exploited by malicious people to cause a DoS
(Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28870/

 --

[SA28945] Adobe RoboHelp Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-13

A vulnerability has been reported in RoboHelp, which can be exploited
by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28945/

 --

[SA28908] Beyond! Job Board "FKeywords" Cross-Site Scripting
Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-12

Ivan Sanchez and Maximiliano Soler have reported a vulnerability in
Beyond! Job Board, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28908/

 --

[SA28882] Tendenci CMS search.asp Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-13

Russ McRee has reported some vulnerabilities in Tendenci CMS, which can
be exploited by malicious people to conduct cross-site scripting
attacks.

Full Advisory:
http://secunia.com/advisories/28882/

 --

[SA28934] Intermate WinIPDS Directory Traversal and Denial of Service
Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, DoS
Released:    2008-02-13

Luigi Auriemma has reported some vulnerabilities in Intermate WinIPDS,
which can be exploited by malicious people to disclose sensitive
information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28934/

 --

[SA28862] ExtremeZ-IP File and Print Server Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive
information, DoS
Released:    2008-02-11

Luigi Auriemma has discovered some vulnerabilities in ExtremeZ-IP File
and Print Server, which can be exploited by malicious people to
disclose potentially sensitive information or cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28862/

 --

[SA28853] Symantec Ghost Solution Suite Client Command Execution
Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2008-02-08

A vulnerability has been reported in Symantec Ghost Solution Suite,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/28853/

 --

[SA28975] Fortinet FortiClient Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-14

Ruben Santamarta has reported a vulnerability in Fortinet FortiClient,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28975/

 --

[SA28849] Microsoft Internet Information Services Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-12

A vulnerability has been reported in Microsoft Internet Information
Services (IIS), which can be exploited by malicious, local users to
gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28849/


UNIX/Linux:--

[SA28956] Debian update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-13

Debian has issued an update for mplayer. This fixes some
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28956/

 --

[SA28948] Gentoo update for gnumeric

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-13

Gentoo has issued an update for gnumeric. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28948/

 --

[SA28939] Fedora update for firefox, seamonkey, and gtkmozembedmm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2008-02-13

Fedora has issued an update for firefox, seamonkey, and gtkmozembedmm.
This fixes some vulnerabilities, which can be exploited by malicious
people to disclose sensitive information, bypass certain security
restrictions, conduct spoofing attacks, or potentially to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/28939/

 --

[SA28924] Fedora update for firefox, seamonkey, gtkmozembedmm, and
Miro

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2008-02-13

Fedora has issued an update for firefox, seamonkey, gtkmozembedmm, and
Miro. This fixes some vulnerabilities and weaknesses, which can be
exploited by malicious people to disclose sensitive information, bypass
certain security restrictions, conduct spoofing attacks, or to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28924/

 --

[SA28918] Fedora update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-13

Fedora has issued an update for xine-lib. This fixes a vulnerability,
which can be exploited by malicious people to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28918/

 --

[SA28913] Fedora update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

Fedora has issued an update for clamav. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to potentially compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/28913/

 --

[SA28907] ClamAV Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-12

Some vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service) or to
potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28907/

 --

[SA28898] Gentoo update for gallery

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-02-12

Gentoo has issued an update for gallery. This fixes a weakness and some
vulnerabilities, where some have unspecified impacts and others can be
exploited by malicious users or malicious people to disclose sensitive
information, conduct cross-site scripting attacks, bypass certain
security restrictions, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28898/

 --

[SA28891] Apple Mac OS X Security Update Fixes Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Privilege
escalation, DoS, System access
Released:    2008-02-12

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities and weaknesses.

Full Advisory:
http://secunia.com/advisories/28891/

 --

[SA28888] Red Hat update for java-1.5.0-sun

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Red Hat has issued an update for java-1.5.0-sun. This fixes two
vulnerabilities, which can be exploited by malicious people to
compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28888/

 --

[SA28879] Debian update for xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2008-02-11

Debian has issued an update for xulrunner. This fixes some weaknesses
and vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
conduct spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28879/

 --

[SA28877] rPath update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2008-02-11

rPath has issued an update for firefox. This fixes some vulnerabilities
and weaknesses, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, conduct
spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28877/

 --

[SA28865] Debian update for icedove

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS,
System access
Released:    2008-02-11

Debian has issued an update for icedove. This fixes some
vulnerabilities, which can be exploited by malicious people to disclose
sensitive information, bypass certain security restrictions, or
potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28865/

 --

[SA28864] Debian update for iceweasel

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2008-02-11

Debian has issued an update for iceweasel. This fixes some weaknesses
and vulnerabilities, which can be exploited by malicious people to
disclose sensitive information, bypass certain security restrictions,
conduct spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28864/

 --

[SA28845] Mandriva update for gd

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2008-02-08

Mandriva has issued an update for gd. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28845/

 --

[SA28839] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure
of sensitive information, DoS, System access
Released:    2008-02-08

Ubuntu has issued an update for firefox. This fixes some
vulnerabilities and weaknesses, which can be exploited by malicious
people to disclose sensitive information, bypass certain security
restrictions, conduct spoofing attacks, or to compromise a user's
system.

Full Advisory:
http://secunia.com/advisories/28839/

 --

[SA28979] FreeBSD update for ipsec

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-02-14

FreeBSD has issued an update for ipsec. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28979/

 --

[SA28960] Fedora update for glib2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-14

Fedora has released an update for glib2. This fixes a vulnerability,
which potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28960/

 --

[SA28959] Graphviz GD GIF Handling Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

A vulnerability has been reported in Graphviz, which can potentially be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28959/

 --

[SA28954] rPath update for tk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

rPath has issued an update for tk. This fixes a vulnerability, which
can potentially be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/28954/

 --

[SA28930] Debian update for nagios-plugins

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

Debian has issued an update for nagios-plugins. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28930/

 --

[SA28915] Fedora update for tomcat5

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of
sensitive information
Released:    2008-02-13

Fedora has issued an update for tomcat5. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions, and some vulnerabilities, which can be exploited
by malicious people to manipulate certain data or to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/28915/

 --

[SA28911] ikiwiki Two Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-12

Two vulnerabilities have been reported in ikiwiki, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/28911/

 --

[SA28897] Gentoo update for horde-imp

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of
data
Released:    2008-02-12

Gentoo has issued an update for horde-imp. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions and manipulate data.

Full Advisory:
http://secunia.com/advisories/28897/

 --

[SA28869] rPath update for SDL_image

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-14

rPath has issued an update for SDL_image. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/28869/

 --

[SA28867] Debian update for tk8.4

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-11

Debian has issued an update for tk8.4. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/28867/

 --

[SA28866] Fedora update for graphviz

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

Fedora has issued an update for graphviz. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/28866/

 --

[SA28857] Debian update for tk8.3

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-11

Debian has issued an update for tk8.3. This fixes a vulnerability,
which can potentially be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/28857/

 --

[SA28850] Mandriva update for SDL_image

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-08

Mandriva has issued an update for SDL_image. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/28850/

 --

[SA28848] Mandriva update for tk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-08

Mandriva has issued an update for tk. This fixes a vulnerability, which
can potentially be exploited by malicious people to compromise an
application using the library.

Full Advisory:
http://secunia.com/advisories/28848/

 --

[SA28838] SUSE Update for Multiple Packages

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Privilege
escalation, DoS, System access
Released:    2008-02-08

SUSE has issued an update for multiple packages. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain escalated privileges and cause a DoS (Denial of Service), by
malicious users to manipulate data, gain escalated privileges, and
cause a DoS, and by malicious people to manipulate data, bypass certain
security restrictions, cause a DoS, and potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/28838/

 --

[SA28837] Debian update for sdl-image1.2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-11

Debian has issued an update for sdl-image1.2. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise an application using
the library.

Full Advisory:
http://secunia.com/advisories/28837/

 --

[SA28971] Ubuntu update for kernel

Critical:    Less critical
Where:       From remote
Impact:      Unknown, Security Bypass, Manipulation of data, Exposure
of sensitive information, DoS
Released:    2008-02-14

Ubuntu has issued an update for the kernel. This fixes a security issue
and some vulnerabilities, where one has an unknown impact and others can
be exploited by malicious, local users to disclose potentially sensitive
information, cause a DoS (Denial of Service), bypass certain security
restrictions, and corrupt a file system, and by malicious people to
cause a DoS.

Full Advisory:
http://secunia.com/advisories/28971/

 --

[SA28965] HP-UX update for Apache

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-14

HP-UX has issued an update for Apache. This fixes a vulnerability,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/28965/

 --

[SA28951] OpenCA Cross-Site Request Forgery Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-14

Alexander Klink has reported a vulnerability in OpenCA, which can be
exploited by malicious people to conduct cross-site request forgery
attacks.

Full Advisory:
http://secunia.com/advisories/28951/

 --

[SA28920] Fedora update for wordpress

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data
Released:    2008-02-13

Fedora has issued an update for wordpress. This fixes a vulnerability,
which can be exploited by malicious users to bypass certain security
restrictions and to manipulate data.

Full Advisory:
http://secunia.com/advisories/28920/

 --

[SA28916] Fedora update for mailman

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-13

Fedora has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/28916/

 --

[SA28871] Debian update for phpbb2

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, System access
Released:    2008-02-11

Debian has issued an update for phpbb2. This fixes some
vulnerabilities, which can be exploited by malicious users to
compromise a vulnerable system and by malicious people to conduct
cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/28871/

 --

[SA28860] rPath update for boost

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-02-14

rPath has issued an update for boost. This fixes some vulnerabilities,
which can be exploited by malicious people to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28860/

 --

[SA28953] rPath update for openldap

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-02-13

rPath has issued an update for openldap. This fixes some
vulnerabilities, which can be exploited by malicious users to cause a
DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28953/

 --

[SA28926] OpenLDAP modrdn Denial of Service Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-02-13

A vulnerability has been reported in OpenLDAP, which can be exploited
by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28926/

 --

[SA28914] Fedora update for openldap

Critical:    Less critical
Where:       From local network
Impact:      DoS
Released:    2008-02-13

Fedora has issued an update for openldap. This fixes a vulnerability,
which can be exploited by malicious users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28914/

 --

[SA28952] Gentoo update for pulseaudio

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-14

Gentoo has issued an update for pulseaudio. This fixes a security
issue, which can be exploited by malicious, local users to perform
certain actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/28952/

 --

[SA28944] Gentoo update for scponly

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-02-13

Gentoo has issued an update for scponly. This fixes a security issue,
which can be exploited by malicious, local users to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/28944/

 --

[SA28941] Avaya CMS Sun Solaris X Window System and X Server
Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation, DoS
Released:    2008-02-14

Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be
exploited by malicious, local users to cause a DoS (Denial of Service)
or to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28941/

 --

[SA28937] Red Hat update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-13

Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/28937/

 --

[SA28933] Ubuntu update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-13

Ubuntu has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28933/

 --

[SA28931] Sun Solaris 10 Language Input Methods Security Issue

Critical:    Less critical
Where:       Local system
Impact:      Manipulation of data
Released:    2008-02-13

A security issue has been reported in Sun Solaris, which can be
exploited by malicious, local users to modify certain files or
directories.

Full Advisory:
http://secunia.com/advisories/28931/

 --

[SA28925] rPath update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-13

rPath has issued an update for the kernel. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28925/

 --

[SA28917] Fedora update for duplicity

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-02-13

Fedora has issued an update for duplicity. This fixes a security issue,
which can be exploited by malicious, local users to disclose sensitive
information.

Full Advisory:
http://secunia.com/advisories/28917/

 --

[SA28912] Fedora update for kernel-xen

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-13

Fedora has issued an update for kernel-xen. This fixes a vulnerability,
which can be exploited by malicious, local users to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28912/

 --

[SA28896] Fedora update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-02-12

Fedora has issued an update for the kernel. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
cause a DoS (Denial of Service), disclose potentially sensitive
information, and gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28896/

 --

[SA28889] SUSE update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation
Released:    2008-02-12

SUSE has issued an update for the kernel. This fixes a security issue
and a vulnerability, which can be exploited by malicious, local users to
disclose potentially sensitive information or gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28889/

 --

[SA28885] NX Server X11 Multiple Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-02-12

Some vulnerabilities have been reported in NX Server, which can be
exploited by malicious, local users to cause a DoS (Denial of Service),
disclose potentially sensitive information, or to gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28885/

 --

[SA28875] Debian update for linux-2.6

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass, Exposure of sensitive information,
Privilege escalation, DoS
Released:    2008-02-12

Debian has issued an update for linux-2.6. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
bypass certain security restrictions, cause a DoS (Denial of Service),
disclose potentially sensitive information, and gain escalated
privileges.

Full Advisory:
http://secunia.com/advisories/28875/

 --

[SA28858] Mandriva update for kernel

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-12

Mandriva has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/28858/

 --

[SA28856] Website META Language Insecure Temporary Files

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-08

Some security issues have been reported in Website META Language, which
can be exploited by malicious, local users to perform certain actions
with escalated privileges.

Full Advisory:
http://secunia.com/advisories/28856/

 --

[SA28843] OpenBSD update for X.Org

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-02-08

OpenBSD has issued an update for X.Org. This fixes some vulnerabilities,
which can be exploited by malicious, local users to cause a DoS (Denial
of Service), disclose potentially sensitive information, or to gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/28843/

 --

[SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information, Privilege escalation,
DoS
Released:    2008-02-11

Some vulnerabilities have been reported in the Linux Kernel, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service), disclose potentially sensitive information, and gain
escalated privileges.

Full Advisory:
http://secunia.com/advisories/28835/

 --

[SA28928] FreeBSD "sendfile" Information Disclosure Security Issue

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-02-14

A security issue has been reported in FreeBSD, which potentially can be
exploited by malicious, local users to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28928/

 --

[SA28921] Sun Solaris USB Mouse STREAMS Module Local Denial of Service

Critical:    Not critical
Where:       Local system
Impact:      DoS
Released:    2008-02-13

A vulnerability has been reported in Sun Solaris, which can be
exploited by malicious, local users to cause a DoS (Denial of
Service).

Full Advisory:
http://secunia.com/advisories/28921/


Other:--

[SA28935] Cisco Unified IP Phone Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-14

Some vulnerabilities have been reported in Cisco Unified IP Phone
models, which can be exploited by malicious users to compromise a
vulnerable device or by malicious people to cause a DoS (Denial of
Service) and compromise a vulnerable device.

Full Advisory:
http://secunia.com/advisories/28935/

 --

[SA28932] Cisco Unified Communications Manager "key" SQL Injection

Critical:    Less critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-02-14

A vulnerability has been reported in Cisco Unified Communications
Manager, which can be exploited by malicious users to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/28932/


Cross Platform:--

[SA28946] Adobe Flash Media Server Edge Server Multiple
Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-13

Some vulnerabilities have been reported in Adobe Flash Media Server,
which can be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/28946/

 --

[SA28886] SAPID CMF "last_module" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

GoLd_M has discovered a vulnerability in SAPID CMF, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28886/

 --

[SA28874] Open-Realty "last_module" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

Iron has discovered a vulnerability in Open-Realty, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28874/

 --

[SA28859] PacerCMS "last_module" PHP Code Execution

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

GoLd_M has discovered a vulnerability in PacerCMS, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28859/

 --

[SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, System access
Released:    2008-02-08

Some vulnerabilities have been reported in Adobe Reader/Acrobat, some
of which have unknown impacts while others can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28851/

 --

[SA28836] PowerNews Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data, Exposure of
sensitive information, System access
Released:    2008-02-11

Some vulnerabilities and a weakness have been discovered in PowerNews,
which can be exploited by malicious users to compromise a vulnerable
system and by malicious people to conduct cross-site scripting and SQL
injection attacks, disclose certain information, and compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/28836/

 --

[SA28969] JSPWiki Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information, System access
Released:    2008-02-14

Moshe BA has discovered some vulnerabilities in JSPWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks
or to disclose potentially sensitive information, and by malicious
users to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28969/

 --

[SA28950] AuraCMS "albums" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-02-13

DNX has discovered a vulnerability in AuraCMS, which can be exploited
by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28950/

 --

[SA28929] iTheora "url" Disclosure of Sensitive Information

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-02-14

A vulnerability has been reported in iTheora, which can be exploited by
malicious people to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/28929/

 --

[SA28927] artmedic weblog Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Exposure of system information,
Exposure of sensitive information
Released:    2008-02-13

muuratsalo has discovered some vulnerabilities in artmedic weblog,
which can be exploited by malicious people to conduct cross-site
scripting attacks or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28927/

 --

[SA28923] PCRE Character Class Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-14

A vulnerability has been reported in PCRE, which potentially can be
exploited by malicious people to cause a DoS (Denial of Service) or
compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28923/

 --

[SA28892] Ajax Simple Chat Script Insertion Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-12

Aria-Security Team has reported a vulnerability in Ajax Simple Chat,
which can be exploited by malicious people to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/28892/

 --

[SA28887] ITechBids "item_id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-02-11

SoSo H H has reported a vulnerability in ITechBids, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28887/

 --

[SA28883] Joomla! Rapid Recipe Component Two SQL Injection
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-02-12

breaker_unit has discovered two vulnerabilities in the Rapid Recipe
component for Joomla!, which can be exploited by malicious people to
conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28883/

 --

[SA28878] Apache Tomcat Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-02-11

Some vulnerabilities have been reported in Apache Tomcat, which can be
exploited by malicious people to manipulate certain data or to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/28878/

 --

[SA28873] Journalness "last_module" PHP Code Execution

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

Iron has discovered a vulnerability in Journalness, which can be
exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28873/

 --

[SA28872] Cacti Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting, Manipulation of data
Released:    2008-02-12

Some vulnerabilities have been reported in Cacti, which can be
exploited by malicious people to conduct HTTP response splitting,
cross-site scripting, and SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28872/

 --

[SA28861] Joomla! XML-RPC / Blogger API Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-02-11

A vulnerability has been reported in Joomla!, which can be exploited by
malicious people to manipulate certain data.

Full Advisory:
http://secunia.com/advisories/28861/

 --

[SA28847] PHParanoid Cross-Site Request Forgery and Security Bypass

Critical:    Moderately critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting
Released:    2008-02-14

Some vulnerabilities have been reported in PHParanoid, which can be
exploited by malicious people to conduct cross-site request forgery
attacks and to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/28847/

 --

[SA28846] IEA Products Management Web Server Memory Corruption
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-11

Luigi Auriemma has discovered a vulnerability in various IEA Products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28846/

 --

[SA28947] Adobe Connect Enterprise Server Flash Media Server
Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-02-13

Some vulnerabilities have been reported in Adobe Connect Enterprise
Server, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/28947/

 --

[SA28919] F-Secure Products CAB and RAR Archives Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-02-13

A vulnerability has been reported in various F-Secure products, which
can be exploited by malware to bypass the scanning functionality.

Full Advisory:
http://secunia.com/advisories/28919/

 --

[SA28900] Simple Machines Forum SMF Shoutbox Mod Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-12

enterth3dragon has discovered a vulnerability in the SMF Shoutbox mod
for Simple Machines Forum, which can be exploited by malicious users to
conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/28900/

 --

[SA28899] MercuryBoard "message" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-12

Aria-Security Team has discovered a vulnerability in MercuryBoard,
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/28899/

 --

[SA28884] Apache Tomcat Cookie Handling Session ID Disclosure

Critical:    Less critical
Where:       From remote
Impact:      Exposure of sensitive information
Released:    2008-02-11

Two vulnerabilities have been reported in Apache Tomcat, which can be
exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28884/

 --

[SA28881] Loris Hotel Reservation System "hotel_name" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-11

Russ McRee has reported a vulnerability in Loris Hotel Reservation
System, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28881/

 --

[SA28876] Drupal Header Image Module Security Bypass Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-02-14

A vulnerability has been reported in the Header Image module for
Drupal, which can be exploited by malicious people to bypass certain
security restrictions.

Full Advisory:
http://secunia.com/advisories/28876/

 --

[SA28852] Serendipity Freetag Plugin Tag Name Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-11

Alexander Brachmann has reported a vulnerability in the Freetag plugin
for Serendipity, which can be exploited by malicious people to conduct
cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28852/

 --

[SA28844] HP Select Identity Multiple Unspecified Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, System access
Released:    2008-02-08

Some vulnerabilities have been reported in HP Select Identity, which
can be exploited by malicious users to bypass certain security
restrictions or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28844/

 --

[SA28841] Sift Unity "qt" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-08

Russ McRee has reported a vulnerability in Sift Unity, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28841/

 --

[SA28840] MODx Cross-Site Scripting and Cross-Site Request Forgery

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-08

Alexandr Polyakov and Stas Svistunovich have discovered some
vulnerabilities in MODx, which can be exploited by malicious people to
conduct cross-site scripting and cross-site request forgery attacks.

Full Advisory:
http://secunia.com/advisories/28840/



========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45

