========================================================================

                  The Secunia Weekly Advisory Summary
                        2008-02-07 - 2008-02-14

                       This week: 118 advisories

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia invites you to join us in the biggest IT Expo event of the year - the RSA Conference in the Moscone Center, San Francisco, California from 7 to 11 April 2008.

If you are interested in going to the expo exhibit and meeting us, please contact your Secunia Account Executive for a FREE EXPO PASS!

========================================================================
2) This Week in Brief:

Two highly critical vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a Denial of Service or potentially compromise a vulnerable system.

An integer overflow error within the "cli_scanpe()" function in libclamav/pe.c can be exploited to cause a heap-based buffer overflow via a specially crafted PE file. Another error within the "unmew11()" function in libclamav/mew.c can be exploited to corrupt heap memory.

Successful exploitation of these vulnerabilities may allow execution of arbitrary code.

The vendor has released version 0.92.1 to resolve these issues.
For more information, refer to:
http://secunia.com/advisories/28907/

--

Some vulnerabilities have been reported in Cisco Unified IP Phone models, which can be exploited by malicious users to compromise a vulnerable device or by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable device.

Several boundary errors within the internal SSH server, in the parsing of DNS responses, and in the handling of MIME encoded data can be exploited to cause buffer overflows and may allow execution of arbitrary code.

A boundary error within the internal telnet server can be exploited to cause a buffer overflow via a specially crafted command. Successful exploitation may allow execution of arbitrary code but requires that the telnet server is enabled, which is not the default setting.

A boundary error in the handling of challenge/response messages from a SIP proxy can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code but requires, for example, control of a SIP proxy.

Errors in the handling of ICMP echo request packets and within the internal HTTP server when handling HTTP requests can be exploited to cause a device to reboot via an overly large ICMP echo request packet or a specially crafted HTTP request, respectively.

The vulnerabilities affect a variety of devices running SCCP and SIP firmware.

The vendor has released firmware updates to resolve these problems.

For more information, refer to:
http://secunia.com/advisories/28935/

--

Apple has issued Mac OS X 10.5.2, a security update for Mac OS X, which fixes multiple vulnerabilities and weaknesses. These include:

An unspecified error within Foundation in Safari's handling of URLs. This can be exploited to cause a memory corruption when a user is enticed to access a specially crafted URL and may allow execution of arbitrary code.
A weakness that is due to Launch Services allowing users to start uninstalled applications from a Time Machine backup.

An error in the handling of file:// URLs in Mail, which can be exploited to execute arbitrary applications without warning when a user is enticed to click on a URL within a message.

An unspecified error within NFS when handling mbuf chains, which can be exploited to cause a memory corruption and allow system shutdown and potential execution of arbitrary code.

A problem within Parental Controls, which contacts www.apple.com when a site is unblocked, allowing for detection of computers running Parental Controls.

An input validation error in Terminal when processing URL schemes, which can be exploited to launch an application with arbitrary command line parameters and may allow execution of arbitrary code when a user visits a specially crafted web page.

An error in X11, which causes certain settings ("Allow connections from network client") not to be applied.

Other known vulnerabilities in third-party components used by Mac OS X, such as Samba and X11 X Font Server, are also fixed in this release.

For more information, refer to:
http://secunia.com/advisories/28891/

--

Some vulnerabilities and weaknesses have been fixed in the latest version of Mozilla Firefox, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.

Various errors have been fixed in Firefox's browser engine and JavaScript engine, which can be exploited to cause a memory corruption and allow the execution of arbitrary code.

A weakness due to a design error within focus handling, which can potentially be exploited to trick a user into uploading arbitrary files, has also been fixed.
An error in the handling of images when a user leaves a page that uses "designMode" frames can be exploited to disclose the user's navigation history and forward navigation information, and to cause a memory corruption. Successful exploitation of this vulnerability may allow execution of arbitrary code.

A design error related to timer-enabled dialogs can be exploited to trick a user into unintentionally confirming a security dialog.

A problem in Firefox, which follows "302" redirects for stylesheets and allows reading the target URL via "element.sheet.href", can potentially be exploited to disclose sensitive URL parameters.

The vulnerabilities are reported in versions prior to 2.0.0.12. Users are advised to download the updated version immediately.

For more information, refer to:
http://secunia.com/advisories/28758/

To find out if your home computer is vulnerable to any of these security problems, scan using the free Personal Software Inspector:
https://psi.secunia.com/

Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector:
http://secunia.com/network/software_inspector/

--

Microsoft released eleven security bulletins for February, three of which Secunia has rated as less critical and the rest as highly critical.

The updates address Denial of Service conditions in Microsoft Active Directory and Windows Vista; a privilege escalation and a system compromise issue in Microsoft IIS; two highly critical system compromise vulnerabilities in the Windows operating system; four highly critical vulnerabilities due to parsing and calculation errors in Microsoft Office; and a security update for Internet Explorer.

Users are urged to visit Microsoft Update to patch their systems as soon as possible.
For more information, refer to:
http://secunia.com/advisories/28764/
http://secunia.com/advisories/28828/
http://secunia.com/advisories/28849/
http://secunia.com/advisories/28893/
http://secunia.com/advisories/28894/
http://secunia.com/advisories/28902/
http://secunia.com/advisories/28901/
http://secunia.com/advisories/28903/
http://secunia.com/advisories/28904/
http://secunia.com/advisories/28906/
http://secunia.com/advisories/28909/

To find out if your home computer is vulnerable to any of these security problems, scan using the free Personal Software Inspector:
https://psi.secunia.com/

Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector:
http://secunia.com/network/software_inspector/

--

VIRUS ALERTS:

During the past week Secunia collected 155 virus descriptions from the Antivirus vendors. However, none were deemed MEDIUM risk or higher according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities
2.  [SA28758] Mozilla Firefox Multiple Vulnerabilities
3.  [SA28802] Adobe Reader/Acrobat Multiple Vulnerabilities
4.  [SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities
5.  [SA28795] Sun JRE Applet Handling Two Vulnerabilities
6.  [SA28808] Mozilla Thunderbird Multiple Vulnerabilities
7.  [SA28804] UltraVNC vncviewer Multiple Buffer Overflow Vulnerabilities
8.  [SA28766] Red Hat update for seamonkey
9.  [SA28853] Symantec Ghost Solution Suite Client Command Execution Vulnerability
10. [SA28820] VPN-1 SecuRemote/SecureClient NGX R60 and NGAI R56 Information Disclosure

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA28909] Microsoft Office Object Parsing Memory Corruption Vulnerability
[SA28906] Microsoft Office Publisher File Parsing Vulnerabilities
[SA28904] Microsoft Works File Converter File Parsing Vulnerabilities
[SA28903] Microsoft Internet Explorer Multiple Vulnerabilities
[SA28902] Microsoft Windows OLE Automation Memory Corruption
[SA28901] Microsoft Word File Information Block Memory Corruption
[SA28894] Microsoft WebDAV Mini-Redirector Pathname Buffer Overflow
[SA28893] Microsoft Internet Information Services Code Execution Vulnerability
[SA28855] jetAudio ASX Parsing Buffer Overflow Vulnerability
[SA28854] Sony ImageStation AxRUploadControl ActiveX Control "SetLogging()" Buffer Overflow
[SA28863] SafeNet Sentinel Protection Server/Key Server Directory Traversal Vulnerability
[SA28842] Husrev BlackBoard "forumid" SQL Injection Vulnerability
[SA28905] RPM Remote Print Manager Service "Receive data file" Buffer Overflow
[SA28895] Novell Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow
[SA28890] Larson Network Print Server Format String and Buffer Overflow Vulnerabilities
[SA28870] cyan soft Products Format String and Denial of Service Vulnerabilities
[SA28945] Adobe RoboHelp Cross-Site Scripting Vulnerability
[SA28908] Beyond! Job Board "FKeywords" Cross-Site Scripting Vulnerability
[SA28882] Tendenci CMS search.asp Cross-Site Scripting Vulnerabilities
[SA28934] Intermate WinIPDS Directory Traversal and Denial of Service Vulnerabilities
[SA28862] ExtremeZ-IP File and Print Server Multiple Vulnerabilities
[SA28853] Symantec Ghost Solution Suite Client Command Execution Vulnerability
[SA28975] Fortinet FortiClient Privilege Escalation Vulnerability
[SA28849] Microsoft Internet Information Services Privilege Escalation

UNIX/Linux:
[SA28956] Debian update for mplayer
[SA28948] Gentoo update for gnumeric
[SA28939] Fedora update for firefox, seamonkey, and gtkmozembedmm
[SA28924] Fedora update for firefox, seamonkey, gtkmozembedmm, and Miro
[SA28918] Fedora update for xine-lib
[SA28913] Fedora update for clamav
[SA28907] ClamAV Multiple Vulnerabilities
[SA28898] Gentoo update for gallery
[SA28891] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA28888] Red Hat update for java-1.5.0-sun
[SA28879] Debian update for xulrunner
[SA28877] rPath update for firefox
[SA28865] Debian update for icedove
[SA28864] Debian update for iceweasel
[SA28845] Mandriva update for gd
[SA28839] Ubuntu update for firefox
[SA28979] FreeBSD update for ipsec
[SA28960] Fedora update for glib2
[SA28959] Graphviz GD GIF Handling Buffer Overflow Vulnerability
[SA28954] rPath update for tk
[SA28930] Debian update for nagios-plugins
[SA28915] Fedora update for tomcat5
[SA28911] ikiwiki Two Script Insertion Vulnerabilities
[SA28897] Gentoo update for horde-imp
[SA28869] rPath update for SDL_image
[SA28867] Debian update for tk8.4
[SA28866] Fedora update for graphviz
[SA28857] Debian update for tk8.3
[SA28850] Mandriva update for SDL_image
[SA28848] Mandriva update for tk
[SA28838] SUSE Update for Multiple Packages
[SA28837] Debian update for sdl-image1.2
[SA28971] Ubuntu update for kernel
[SA28965] HP-UX update for Apache
[SA28951] OpenCA Cross-Site Request Forgery Vulnerability
[SA28920] Fedora update for wordpress
[SA28916] Fedora update for mailman
[SA28871] Debian update for phpbb2
[SA28860] rPath update for boost
[SA28953] rPath update for openldap
[SA28926] OpenLDAP modrdn Denial of Service Vulnerability
[SA28914] Fedora update for openldap
[SA28952] Gentoo update for pulseaudio
[SA28944] Gentoo update for scponly
[SA28941] Avaya CMS Sun Solaris X Window System and X Server Vulnerabilities
[SA28937] Red Hat update for kernel
[SA28933] Ubuntu update for kernel
[SA28931] Sun Solaris 10 Language Input Methods Security Issue
[SA28925] rPath update for kernel
[SA28917] Fedora update for duplicity
[SA28912] Fedora update for kernel-xen
[SA28896] Fedora update for kernel
[SA28889] SUSE update for kernel
[SA28885] NX Server X11 Multiple Vulnerabilities
[SA28875] Debian update for linux-2.6
[SA28858] Mandriva update for kernel
[SA28856] Website META Language Insecure Temporary Files
[SA28843] OpenBSD update for X.Org
[SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities
[SA28928] FreeBSD "sendfile" Information Disclosure Security Issue
[SA28921] Sun Solaris USB Mouse STREAMS Module Local Denial of Service

Other:
[SA28935] Cisco Unified IP Phone Multiple Vulnerabilities
[SA28932] Cisco Unified Communications Manager "key" SQL Injection

Cross Platform:
[SA28946] Adobe Flash Media Server Edge Server Multiple Vulnerabilities
[SA28886] SAPID CMF "last_module" PHP Code Execution
[SA28874] Open-Realty "last_module" PHP Code Execution
[SA28859] PacerCMS "last_module" PHP Code Execution
[SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities
[SA28836] PowerNews Multiple Vulnerabilities
[SA28969] JSPWiki Multiple Vulnerabilities
[SA28950] AuraCMS "albums" SQL Injection Vulnerability
[SA28929] iTheora "url" Disclosure of Sensitive Information
[SA28927] artmedic weblog Multiple Vulnerabilities
[SA28923] PCRE Character Class Buffer Overflow
[SA28892] Ajax Simple Chat Script Insertion Vulnerability
[SA28887] ITechBids "item_id" SQL Injection Vulnerability
[SA28883] Joomla! Rapid Recipe Component Two SQL Injection Vulnerabilities
[SA28878] Apache Tomcat Multiple Vulnerabilities
[SA28873] Journalness "last_module" PHP Code Execution
[SA28872] Cacti Multiple Vulnerabilities
[SA28861] Joomla! XML-RPC / Blogger API Vulnerability
[SA28847] PHParanoid Cross-Site Request Forgery and Security Bypass
[SA28846] IEA Products Management Web Server Memory Corruption Vulnerability
[SA28947] Adobe Connect Enterprise Server Flash Media Server Vulnerabilities
[SA28919] F-Secure Products CAB and RAR Archives Security Bypass
[SA28900] Simple Machines Forum SMF Shoutbox Mod Script Insertion
[SA28899] MercuryBoard "message" Cross-Site Scripting
[SA28884] Apache Tomcat Cookie Handling Session ID Disclosure
[SA28881] Loris Hotel Reservation System "hotel_name" Cross-Site Scripting
[SA28876] Drupal Header Image Module Security Bypass Vulnerability
[SA28852] Serendipity Freetag Plugin Tag Name Cross-Site Scripting
[SA28844] HP Select Identity Multiple Unspecified Vulnerabilities
[SA28841] Sift Unity "qt" Cross-Site Scripting
[SA28840] MODx Cross-Site Scripting and Cross-Site Request Forgery

========================================================================
5) Vulnerabilities Content Listing

Windows:
--

[SA28909] Microsoft Office Object Parsing Memory Corruption Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Office, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28909/

--

[SA28906] Microsoft Office Publisher File Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Some vulnerabilities have been reported in Microsoft Office Publisher, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28906/

--

[SA28904] Microsoft Works File Converter File Parsing Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Some vulnerabilities have been reported in Microsoft Office and Microsoft Works, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28904/

--

[SA28903] Microsoft Internet Explorer Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28903/

--

[SA28902] Microsoft Windows OLE Automation Memory Corruption

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28902/

--

[SA28901] Microsoft Word File Information Block Memory Corruption

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Word, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28901/

--

[SA28894] Microsoft WebDAV Mini-Redirector Pathname Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28894/

--

[SA28893] Microsoft Internet Information Services Code Execution Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-12

A vulnerability has been reported in Microsoft Internet Information Services (IIS), which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28893/

--

[SA28855] jetAudio ASX Parsing Buffer Overflow Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

Laurent Gaffie has discovered a vulnerability in jetAudio, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28855/

--

[SA28854] Sony ImageStation AxRUploadControl ActiveX Control "SetLogging()" Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-11

david130490 has discovered a vulnerability in Sony ImageStation AxRUploadControl Object ActiveX control, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28854/

--

[SA28863] SafeNet Sentinel Protection Server/Key Server Directory Traversal Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive information
Released:    2008-02-12

Luigi Auriemma has discovered a vulnerability in SafeNet Sentinel Protection Server and Key Server, which can be exploited by malicious people to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28863/

--

[SA28842] Husrev BlackBoard "forumid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-02-11

Cr@zy_King has discovered a vulnerability in Husrev BlackBoard, which can be exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/28842/

--

[SA28905] RPM Remote Print Manager Service "Receive data file" Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-02-12

Luigi Auriemma has discovered a vulnerability in RPM Remote Print Manager, which potentially can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28905/

--

[SA28895] Novell Client NWSPOOL.DLL "EnumPrinters()" Buffer Overflow

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-02-12

A vulnerability has been reported in Novell Client, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28895/

--

[SA28890] Larson Network Print Server Format String and Buffer Overflow Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-02-12

Luigi Auriemma has discovered two vulnerabilities in Larson Network Print Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28890/

--

[SA28870] cyan soft Products Format String and Denial of Service Vulnerabilities

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-02-11

Luigi Auriemma has discovered some vulnerabilities in cyan soft products, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28870/

--

[SA28945] Adobe RoboHelp Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-13

A vulnerability has been reported in RoboHelp, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28945/

--

[SA28908] Beyond! Job Board "FKeywords" Cross-Site Scripting Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-12

Ivan Sanchez and Maximiliano Soler have reported a vulnerability in Beyond! Job Board, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28908/

--

[SA28882] Tendenci CMS search.asp Cross-Site Scripting Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-13

Russ McRee has reported some vulnerabilities in Tendenci CMS, which can be exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/28882/

--

[SA28934] Intermate WinIPDS Directory Traversal and Denial of Service Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive information, DoS
Released:    2008-02-13

Luigi Auriemma has reported some vulnerabilities in Intermate WinIPDS, which can be exploited by malicious people to disclose sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28934/

--

[SA28862] ExtremeZ-IP File and Print Server Multiple Vulnerabilities

Critical:    Less critical
Where:       From local network
Impact:      Exposure of system information, Exposure of sensitive information, DoS
Released:    2008-02-11

Luigi Auriemma has discovered some vulnerabilities in ExtremeZ-IP File and Print Server, which can be exploited by malicious people to disclose potentially sensitive information or cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28862/

--

[SA28853] Symantec Ghost Solution Suite Client Command Execution Vulnerability

Critical:    Less critical
Where:       From local network
Impact:      System access
Released:    2008-02-08

A vulnerability has been reported in Symantec Ghost Solution Suite, which can be exploited by malicious people to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28853/

--

[SA28975] Fortinet FortiClient Privilege Escalation Vulnerability

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-14

Ruben Santamarta has reported a vulnerability in Fortinet FortiClient, which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28975/

--

[SA28849] Microsoft Internet Information Services Privilege Escalation

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-02-12

A vulnerability has been reported in Microsoft Internet Information Services (IIS), which can be exploited by malicious, local users to gain escalated privileges.

Full Advisory:
http://secunia.com/advisories/28849/

UNIX/Linux:
--

[SA28956] Debian update for mplayer

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-13

Debian has issued an update for mplayer. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28956/

--

[SA28948] Gentoo update for gnumeric

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-13

Gentoo has issued an update for gnumeric. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.
Full Advisory:
http://secunia.com/advisories/28948/

--

[SA28939] Fedora update for firefox, seamonkey, and gtkmozembedmm

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Released:    2008-02-13

Fedora has issued an update for firefox, seamonkey, and gtkmozembedmm. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or potentially to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28939/

--

[SA28924] Fedora update for firefox, seamonkey, gtkmozembedmm, and Miro

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Released:    2008-02-13

Fedora has issued an update for firefox, seamonkey, gtkmozembedmm, and Miro. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28924/

--

[SA28918] Fedora update for xine-lib

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-13

Fedora has issued an update for xine-lib. This fixes a vulnerability, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28918/

--

[SA28913] Fedora update for clamav

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

Fedora has issued an update for clamav. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28913/

--

[SA28907] ClamAV Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-12

Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28907/

--

[SA28898] Gentoo update for gallery

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of sensitive information, System access
Released:    2008-02-12

Gentoo has issued an update for gallery. This fixes a weakness and some vulnerabilities, where some have unspecified impacts and others can be exploited by malicious users or malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28898/

--

[SA28891] Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of system information, Privilege escalation, DoS, System access
Released:    2008-02-12

Apple has issued a security update for Mac OS X, which fixes multiple vulnerabilities and weaknesses.

Full Advisory:
http://secunia.com/advisories/28891/

--

[SA28888] Red Hat update for java-1.5.0-sun

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-02-12

Red Hat has issued an update for java-1.5.0-sun. This fixes two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28888/

--

[SA28879] Debian update for xulrunner

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Released:    2008-02-11

Debian has issued an update for xulrunner. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28879/

--

[SA28877] rPath update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Released:    2008-02-11

rPath has issued an update for firefox. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28877/

--

[SA28865] Debian update for icedove

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information, DoS, System access
Released:    2008-02-11

Debian has issued an update for icedove. This fixes some vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, or potentially to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28865/

--

[SA28864] Debian update for iceweasel

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Released:    2008-02-11

Debian has issued an update for iceweasel. This fixes some weaknesses and vulnerabilities, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28864/

--

[SA28845] Mandriva update for gd

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS
Released:    2008-02-08

Mandriva has issued an update for gd. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28845/

--

[SA28839] Ubuntu update for firefox

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Spoofing, Exposure of sensitive information, DoS, System access
Released:    2008-02-08

Ubuntu has issued an update for firefox. This fixes some vulnerabilities and weaknesses, which can be exploited by malicious people to disclose sensitive information, bypass certain security restrictions, conduct spoofing attacks, or to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28839/

--

[SA28979] FreeBSD update for ipsec

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-02-14

FreeBSD has issued an update for ipsec. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/28979/

--

[SA28960] Fedora update for glib2

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-14

Fedora has released an update for glib2. This fixes a vulnerability, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28960/

--

[SA28959] Graphviz GD GIF Handling Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

A vulnerability has been reported in Graphviz, which can potentially be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28959/

--

[SA28954] rPath update for tk

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

rPath has issued an update for tk. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28954/

--

[SA28930] Debian update for nagios-plugins

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

Debian has issued an update for nagios-plugins. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/28930/

--

[SA28915] Fedora update for tomcat5

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Manipulation of data, Exposure of sensitive information
Released:    2008-02-13

Fedora has issued an update for tomcat5. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions, and some vulnerabilities, which can be exploited by malicious people to manipulate certain data or to disclose sensitive information.

Full Advisory:
http://secunia.com/advisories/28915/

--

[SA28911] ikiwiki Two Script Insertion Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-02-12

Two vulnerabilities have been reported in ikiwiki, which can be exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/28911/

--

[SA28897] Gentoo update for horde-imp

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Manipulation of data
Released:    2008-02-12

Gentoo has issued an update for horde-imp. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions and manipulate data.

Full Advisory:
http://secunia.com/advisories/28897/

--

[SA28869] rPath update for SDL_image

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-14

rPath has issued an update for SDL_image. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28869/

--

[SA28867] Debian update for tk8.4

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-11

Debian has issued an update for tk8.4. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.

Full Advisory:
http://secunia.com/advisories/28867/

--

[SA28866] Fedora update for graphviz

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-13

Fedora has issued an update for graphviz. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/28866/

--

[SA28857] Debian update for tk8.3

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-02-11

Debian has issued an update for tk8.3. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library.
Full Advisory: http://secunia.com/advisories/28857/ -- [SA28850] Mandriva update for SDL_image Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-08 Mandriva has issued an update for SDL_image. This fixes two vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. Full Advisory: http://secunia.com/advisories/28850/ -- [SA28848] Mandriva update for tk Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-08 Mandriva has issued an update for tk. This fixes a vulnerability, which can potentially be exploited by malicious people to compromise an application using the library. Full Advisory: http://secunia.com/advisories/28848/ -- [SA28838] SUSE Update for Multiple Packages Critical: Moderately critical Where: From remote Impact: Security Bypass, Manipulation of data, Privilege escalation, DoS, System access Released: 2008-02-08 SUSE has issued an update for multiple packages. This fixes some vulnerabilities, which can be exploited by malicious, local users to gain escalated privileges and cause a DoS (Denial of Service), by malicious users to manipulate data, gain escalated privileges, and cause a DoS, and by malicious people to manipulate data, bypass certain security restrictions, cause a DoS, and potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28838/ -- [SA28837] Debian update for sdl-image1.2 Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-11 Debian has issued an update for sdl-image1.2. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. 
Full Advisory: http://secunia.com/advisories/28837/ -- [SA28971] Ubuntu update for kernel Critical: Less critical Where: From remote Impact: Unknown, Security Bypass, Manipulation of data, Exposure of sensitive information, DoS Released: 2008-02-14 Ubuntu has issued an update for the kernel. This fixes a security issue and some vulnerabilities, where one has an unknown impact and others can be exploited by malicious, local users to disclose potentially sensitive information, cause a DoS (Denial of Service), bypass certain security restrictions, and corrupt a file system, and by malicious people to cause a DoS. Full Advisory: http://secunia.com/advisories/28971/ -- [SA28965] HP-UX update for Apache Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-14 HP-UX has issued an update for Apache. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28965/ -- [SA28951] OpenCA Cross-Site Request Forgery Vulnerability Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-14 Alexander Klink has reported a vulnerability in OpenCA, which can be exploited by malicious people to conduct cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/28951/ -- [SA28920] Fedora update for wordpress Critical: Less critical Where: From remote Impact: Security Bypass, Manipulation of data Released: 2008-02-13 Fedora has issued an update for wordpress. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions and to manipulate data. Full Advisory: http://secunia.com/advisories/28920/ -- [SA28916] Fedora update for mailman Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-13 Fedora has issued an update for mailman. 
This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/28916/ -- [SA28871] Debian update for phpbb2 Critical: Less critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, System access Released: 2008-02-11 Debian has issued an update for phpbb2. This fixes some vulnerabilities, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/28871/ -- [SA28860] rPath update for boost Critical: Less critical Where: From remote Impact: DoS Released: 2008-02-14 rPath has issued an update for boost. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28860/ -- [SA28953] rPath update for openldap Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-13 rPath has issued an update for openldap. This fixes some vulnerabilities, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28953/ -- [SA28926] OpenLDAP modrdn Denial of Service Vulnerability Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-13 A vulnerability has been reported in OpenLDAP, which can be exploited by malicious users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28926/ -- [SA28914] Fedora update for openldap Critical: Less critical Where: From local network Impact: DoS Released: 2008-02-13 Fedora has issued an update for openldap. This fixes a vulnerability, which can be exploited by malicious users to cause a DoS (Denial of Service). 
Full Advisory: http://secunia.com/advisories/28914/ -- [SA28952] Gentoo update for pulseaudio Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-14 Gentoo has issued an update for pulseaudio. This fixes a security issue, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/28952/ -- [SA28944] Gentoo update for scponly Critical: Less critical Where: Local system Impact: Security Bypass Released: 2008-02-13 Gentoo has issued an update for scponly. This fixes a security issue, which can be exploited by malicious, local users to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/28944/ -- [SA28941] Avaya CMS Sun Solaris X Window System and X Server Vulnerabilities Critical: Less critical Where: Local system Impact: Privilege escalation, DoS Released: 2008-02-14 Avaya has acknowledged some vulnerabilities in Avaya CMS, which can be exploited by malicious, local users to cause a DoS (Denial of Service) or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28941/ -- [SA28937] Red Hat update for kernel Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-13 Red Hat has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28937/ -- [SA28933] Ubuntu update for kernel Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-13 Ubuntu has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/28933/ -- [SA28931] Sun Solaris 10 Language Input Methods Security Issue Critical: Less critical Where: Local system Impact: Manipulation of data Released: 2008-02-13 A security issue has been reported in Sun Solaris, which can be exploited by malicious, local users to modify certain files or directories. Full Advisory: http://secunia.com/advisories/28931/ -- [SA28925] rPath update for kernel Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-13 rPath has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28925/ -- [SA28917] Fedora update for duplicity Critical: Less critical Where: Local system Impact: Exposure of sensitive information Released: 2008-02-13 Fedora has issued an update for duplicity. This fixes a security issue, which can be exploited by malicious, local users to disclose sensitive information. Full Advisory: http://secunia.com/advisories/28917/ -- [SA28912] Fedora update for kernel-xen Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-13 Fedora has issued an update for kernel-xen. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28912/ -- [SA28896] Fedora update for kernel Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-02-12 Fedora has issued an update for the kernel. This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/28896/ -- [SA28889] SUSE update for kernel Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation Released: 2008-02-12 SUSE has issued an update for the kernel. This fixes a security issue an a vulnerability, which can be exploited by malicious, local users to disclose potentially sensitive information or gain escalated privileges. Full Advisory: http://secunia.com/advisories/28889/ -- [SA28885] NX Server X11 Multiple Vulnerabilities Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-02-12 Some vulnerabilities have been reported in NX Server, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28885/ -- [SA28875] Debian update for linux-2.6 Critical: Less critical Where: Local system Impact: Security Bypass, Exposure of sensitive information, Privilege escalation, DoS Released: 2008-02-12 Debian has issued an update for linux-2.6. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions, cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges. Full Advisory: http://secunia.com/advisories/28875/ -- [SA28858] Mandriva update for kernel Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-12 Mandriva has issued an update for the kernel. This fixes a vulnerability, which can be exploited by malicious, local users to gain escalated privileges. 
Full Advisory: http://secunia.com/advisories/28858/ -- [SA28856] Website META Language Insecure Temporary Files Critical: Less critical Where: Local system Impact: Privilege escalation Released: 2008-02-08 Some security issues have been reported in Website META Language, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Full Advisory: http://secunia.com/advisories/28856/ -- [SA28843] OpenBSD update for X.Org Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-02-08 OpenBSD has issued an update for X.Org.This fixes some vulnerabilities, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, or to gain escalated privileges. Full Advisory: http://secunia.com/advisories/28843/ -- [SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-02-11 Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges. Full Advisory: http://secunia.com/advisories/28835/ -- [SA28928] FreeBSD "sendfile" Information Disclosure Security Issue Critical: Not critical Where: Local system Impact: Exposure of sensitive information Released: 2008-02-14 A security issue has been reported in FreeBSD, which potentially can be exploited by malicious, local users to disclose sensitive information. 
Full Advisory: http://secunia.com/advisories/28928/ -- [SA28921] Sun Solaris USB Mouse STREAMS Module Local Denial of Service Critical: Not critical Where: Local system Impact: DoS Released: 2008-02-13 A vulnerability has been reported in Sun Solaris, which can be exploited by malicious, local users to cause a DoS (Denial of Service). Full Advisory: http://secunia.com/advisories/28921/ Other:-- [SA28935] Cisco Unified IP Phone Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: DoS, System access Released: 2008-02-14 Some vulnerabilities have been reported in Cisco Unified IP Phone models, which can be exploited by malicious users to compromise a vulnerable device or by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable device. Full Advisory: http://secunia.com/advisories/28935/ -- [SA28932] Cisco Unified Communications Manager "key" SQL Injection Critical: Less critical Where: From remote Impact: Manipulation of data Released: 2008-02-14 A vulnerability has been reported in Cisco Unified Communications Manager, which can be exploited by malicious users to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28932/ Cross Platform:-- [SA28946] Adobe Flash Media Server Edge Server Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-13 Some vulnerabilities have been reported in Adobe Flash Media Server, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28946/ -- [SA28886] SAPID CMF "last_module" PHP Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-11 GoLd_M has discovered a vulnerability in SAPID CMF, which can be exploited by malicious people to compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/28886/ -- [SA28874] Open-Realty "last_module" PHP Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-11 Iron has discovered a vulnerability in Open-Realty, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28874/ -- [SA28859] PacerCMS "last_module" PHP Code Execution Critical: Highly critical Where: From remote Impact: System access Released: 2008-02-11 GoLd_M has discovered a vulnerability in PacerCMS, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28859/ -- [SA28851] Adobe Reader/Acrobat 7 Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Unknown, System access Released: 2008-02-08 Some vulnerabilities have been reported in Adobe Reader/Acrobat, some of which have unknown impacts while others can be exploited by malicious people to compromise a user's system. Full Advisory: http://secunia.com/advisories/28851/ -- [SA28836] PowerNews Multiple Vulnerabilities Critical: Highly critical Where: From remote Impact: Cross Site Scripting, Manipulation of data, Exposure of sensitive information, System access Released: 2008-02-11 Some vulnerabilities and a weakness have been discovered in PowerNews, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting and SQL injection attacks, disclose certain information, and compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/28836/ -- [SA28969] JSPWiki Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information, System access Released: 2008-02-14 Moshe BA has discovered some vulnerabilities in JSPWiki, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose potentially sensitive information, and by malicious users to potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28969/ -- [SA28950] AuraCMS "albums" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-02-13 DNX has discovered a vulnerability in AuraCMS, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28950/ -- [SA28929] iTheora "url" Disclosure of Sensitive Information Critical: Moderately critical Where: From remote Impact: Exposure of sensitive information Released: 2008-02-14 A vulnerability has been reported in iTheora, which can be exploited by malicious people to disclose potentially sensitive information. Full Advisory: http://secunia.com/advisories/28929/ -- [SA28927] artmedic weblog Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Exposure of system information, Exposure of sensitive information Released: 2008-02-13 muuratsalo has discovered some vulnerabilities in artmedic weblog, which can be exploited by malicious people to conduct cross-site scripting attacks or to disclose sensitive information. 
Full Advisory: http://secunia.com/advisories/28927/ -- [SA28923] PCRE Character Class Buffer Overflow Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-14 A vulnerability has been reported in PCRE, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. Full Advisory: http://secunia.com/advisories/28923/ -- [SA28892] Ajax Simple Chat Script Insertion Vulnerability Critical: Moderately critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-12 Aria-Security Team has reported a vulnerability in Ajax Simple Chat, which can be exploited by malicious people to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/28892/ -- [SA28887] ITechBids "item_id" SQL Injection Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-02-11 SoSo H H has reported a vulnerability in ITechBids, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28887/ -- [SA28883] Joomla! Rapid Recipe Component Two SQL Injection Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-02-12 breaker_unit has discovered two vulnerabilities in the Rapid Recipe component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks. Full Advisory: http://secunia.com/advisories/28883/ -- [SA28878] Apache Tomcat Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Manipulation of data, Exposure of sensitive information Released: 2008-02-11 Some vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to manipulate certain data or to disclose sensitive information. 
Full Advisory: http://secunia.com/advisories/28878/ -- [SA28873] Journalness "last_module" PHP Code Execution Critical: Moderately critical Where: From remote Impact: System access Released: 2008-02-11 Iron has discovered a vulnerability in Journalness, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28873/ -- [SA28872] Cacti Multiple Vulnerabilities Critical: Moderately critical Where: From remote Impact: Cross Site Scripting, Manipulation of data Released: 2008-02-12 Some vulnerabilities have been reported in Cacti, which can be exploited by malicious people to conduct HTTP response splitting, cross-site scripting, and SQL injection attacks. Full Advisory: http://secunia.com/advisories/28872/ -- [SA28861] Joomla! XML-RPC / Blogger API Vulnerability Critical: Moderately critical Where: From remote Impact: Manipulation of data Released: 2008-02-11 A vulnerability has been reported in Joomla!, which can be exploited by malicious people to manipulate certain data. Full Advisory: http://secunia.com/advisories/28861/ -- [SA28847] PHParanoid Cross-Site Request Forgery and Security Bypass Critical: Moderately critical Where: From remote Impact: Unknown, Security Bypass, Cross Site Scripting Released: 2008-02-14 Some vulnerabilities have been reported in PHParanoid, which can be exploited by malicious people to conduct cross-site request forgery attacks and to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/28847/ -- [SA28846] IEA Products Management Web Server Memory Corruption Vulnerability Critical: Moderately critical Where: From remote Impact: DoS, System access Released: 2008-02-11 Luigi Auriemma has discovered a vulnerability in various IEA Products, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system. 
Full Advisory: http://secunia.com/advisories/28846/ -- [SA28947] Adobe Connect Enterprise Server Flash Media Server Vulnerabilities Critical: Moderately critical Where: From local network Impact: System access Released: 2008-02-13 Some vulnerabilities have been reported in Adobe Connect Enterprise Server, which can be exploited by malicious people to compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28947/ -- [SA28919] F-Secure Products CAB and RAR Archives Security Bypass Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-02-13 A vulnerability has been reported in various F-Secure products, which can be exploited by malware to bypass the scanning functionality. Full Advisory: http://secunia.com/advisories/28919/ -- [SA28900] Simple Machines Forum SMF Shoutbox Mod Script Insertion Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-12 enterth3dragon has discovered a vulnerability in the SMF Shoutbox mod for Simple Machines Forum, which can be exploited by malicious users to conduct script insertion attacks. Full Advisory: http://secunia.com/advisories/28900/ -- [SA28899] MercuryBoard "message" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-12 Aria-Security Team have discovered a vulnerability in MercuryBoard, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28899/ -- [SA28884] Apache Tomcat Cookie Handling Session ID Disclosure Critical: Less critical Where: From remote Impact: Exposure of sensitive information Released: 2008-02-11 Two vulnerabilities have been reported in Apache Tomcat, which can be exploited by malicious people to disclose sensitive information. 
Full Advisory: http://secunia.com/advisories/28884/ -- [SA28881] Loris Hotel Reservation System "hotel_name" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-11 Russ McRee has reported a vulnerability in Loris Hotel Reservation System, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28881/ -- [SA28876] Drupal Header Image Module Security Bypass Vulnerability Critical: Less critical Where: From remote Impact: Security Bypass Released: 2008-02-14 A vulnerability has been reported in the Header Image module for Drupal, which can be exploited by malicious people to bypass certain security restrictions. Full Advisory: http://secunia.com/advisories/28876/ -- [SA28852] Serendipity Freetag Plugin Tag Name Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-11 Alexander Brachmann has reported a vulnerability in the Freetag plugin for Serendipity, which can be exploited by malicious people to conduct cross-site scripting attacks. Full Advisory: http://secunia.com/advisories/28852/ -- [SA28844] HP Select Identity Multiple Unspecified Vulnerabilities Critical: Less critical Where: From remote Impact: Security Bypass, System access Released: 2008-02-08 Some vulnerabilities have been reported in HP Select Identity, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system. Full Advisory: http://secunia.com/advisories/28844/ -- [SA28841] Sift Unity "qt" Cross-Site Scripting Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-08 Russ McRee has reported a vulnerability in Sift Unity, which can be exploited by malicious people to conduct cross-site scripting attacks. 
Full Advisory: http://secunia.com/advisories/28841/ -- [SA28840] MODx Cross-Site Scripting and Cross-Site Request Forgery Critical: Less critical Where: From remote Impact: Cross Site Scripting Released: 2008-02-08 Alexandr Polyakov and Stas Svistunovich have discovered some vulnerabilities in MODx, which can be exploited by malicious people to conduct cross-site scripting and cross-site request forgery attacks. Full Advisory: http://secunia.com/advisories/28840/ ======================================================================== Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Subscribe: http://secunia.com/secunia_weekly_summary/ Contact details: Web : http://secunia.com/ E-mail : support@private Tel : +45 70 20 51 44 Fax : +45 70 20 51 45 ___________________________________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
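With 118 advisories in a week, the entries above are only useful if they can be sorted by Critical and Where before anyone reads the descriptions. The script below is an added example, written for this edit and not part of Secunia's summary or its tooling: it parses entries in the summary's own layout (whether still line-broken or flattened onto one line, as this archive copy is), scores them on Secunia's published five-level criticality scale and three-level Where scale, filters to what is reachable and serious, and cross-checks that each "Full Advisory" link really points at the SA number in the heading, which is the verification step Secunia asks for. The sample input is four entries copied from this page; the function names (parse_summary, triage, check_links) and the numeric scores are my own choices.

```python
import re
from dataclasses import dataclass

# Secunia's criticality scale (from its advisory definitions page); higher is worse.
# "Extremely critical" does not occur on this page but is the top of the scale.
CRITICALITY = {
    "Extremely critical": 5,
    "Highly critical": 4,
    "Moderately critical": 3,
    "Less critical": 2,
    "Not critical": 1,
}
# Secunia's "Where" (attack vector) scale; "From remote" exposes the host to the most attackers.
WHERE = {"From remote": 3, "From local network": 2, "Local system": 1}

# One summary entry. Whitespace is normalised before matching, so the same pattern
# handles both the original line-broken layout and an extraction-flattened copy.
ENTRY_RE = re.compile(
    r"\[SA(?P<sa>\d+)\]\s+(?P<title>.+?)\s+"
    r"Critical:\s+(?P<critical>.+?)\s+"
    r"Where:\s+(?P<where>.+?)\s+"
    r"Impact:\s+(?P<impact>.+?)\s+"
    r"Released:\s+(?P<released>\d{4}-\d{2}-\d{2})\s+"
    r"(?P<description>.+?)\s+"
    r"Full Advisory:\s+(?P<url>http://secunia\.com/advisories/\d+/)"
)


@dataclass
class Advisory:
    sa: str
    title: str
    critical: str
    where: str
    impacts: list
    released: str
    description: str
    url: str

    def score(self):
        # Unknown labels score 0 so a typo in a feed sinks rather than inflates an entry.
        return (CRITICALITY.get(self.critical, 0), WHERE.get(self.where, 0))


def parse_summary(text):
    """Return the advisories found in a Secunia weekly summary body, in page order."""
    normalized = re.sub(r"\s+", " ", text)
    return [
        Advisory(
            sa="SA" + m["sa"],
            title=m["title"],
            critical=m["critical"],
            where=m["where"],
            impacts=[i.strip() for i in m["impact"].split(",")],
            released=m["released"],
            description=m["description"],
            url=m["url"],
        )
        for m in ENTRY_RE.finditer(normalized)
    ]


def triage(advisories, min_critical="Moderately critical", wheres=("From remote",), impact=None):
    """Keep entries at or above min_critical with a matching Where (and Impact, if given),
    worst first; ties fall back to release date and then SA number."""
    keep = [
        a for a in advisories
        if CRITICALITY.get(a.critical, 0) >= CRITICALITY[min_critical]
        and a.where in wheres
        and (impact is None or impact in a.impacts)
    ]
    return sorted(keep, key=lambda a: (a.score(), a.released, a.sa), reverse=True)


def check_links(advisories):
    """SA numbers whose 'Full Advisory' URL does not carry the same number (a mangled
    or substituted link is the first thing to look for in a forwarded summary)."""
    return [a.sa for a in advisories if not a.url.rstrip("/").endswith(a.sa[2:])]


# Constructed sample: four entries copied from this week's listing. The third is left in
# the flattened form the archive copy has, to show the whitespace normalisation at work.
SAMPLE = """
--
[SA28979] FreeBSD update for ipsec
Critical: Moderately critical
Where: From remote
Impact: DoS
Released: 2008-02-14

FreeBSD has issued an update for ipsec. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory: http://secunia.com/advisories/28979/
--
[SA28923] PCRE Character Class Buffer Overflow
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-14

A vulnerability has been reported in PCRE, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library.

Full Advisory: http://secunia.com/advisories/28923/
--
[SA28835] Linux Kernel "vmsplice()" System Call Vulnerabilities Critical: Less critical Where: Local system Impact: Exposure of sensitive information, Privilege escalation, DoS Released: 2008-02-11 Some vulnerabilities have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service), disclose potentially sensitive information, and gain escalated privileges. Full Advisory: http://secunia.com/advisories/28835/
--
[SA28935] Cisco Unified IP Phone Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Released: 2008-02-14

Some vulnerabilities have been reported in Cisco Unified IP Phone models, which can be exploited by malicious users to compromise a vulnerable device or by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable device.

Full Advisory: http://secunia.com/advisories/28935/
"""

if __name__ == "__main__":
    advisories = parse_summary(SAMPLE)
    for a in triage(advisories):
        print(a.sa, a.critical, "/", a.where, "/", ", ".join(a.impacts), "-", a.title)
    print("link mismatches:", check_links(advisories) or "none")
```

Run against the full summary, triage() with the defaults yields the remote, Moderately-critical-or-worse set first, and impact="System access" narrows that to the code-execution candidates; the Local system entries (the kernel and X.Org updates) are not dropped, only deferred, and triage(advisories, "Less critical", ("Local system",)) lists them.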
This archive was generated by hypermail 2.1.3 : Fri Feb 15 2008 - 00:18:11 PST