[ISN] Secunia Weekly Summary - Issue: 2008-12

From: InfoSec News (alerts@private)
Date: Fri Mar 21 2008 - 00:11:59 PST


========================================================================

                  The Secunia Weekly Advisory Summary                  
                        2008-03-13 - 2008-03-20                        

                       This week: 58 advisories                        

========================================================================
Table of Contents:

1.....................................................Word From Secunia
2....................................................This Week In Brief
3..............................This Week's Top Ten Most Read Advisories
4.......................................Vulnerabilities Summary Listing
5.......................................Vulnerabilities Content Listing

========================================================================
1) Word From Secunia:

Secunia invites you to join us in the biggest IT Expo event of the year
- the RSA Conference in the Moscone Center, San Francisco, California
from 7 to 11 April 2008. If you are interested in going to the expo
exhibit and meeting us, please contact your Secunia Account Executive
for a FREE EXPO PASS!

========================================================================
2) This Week in Brief:

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

For more information, refer to:
http://secunia.com/advisories/29420/

--

Some vulnerabilities have been reported in Kerberos, which can be
exploited by malicious people to disclose potentially sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.

For more information, refer to:
http://secunia.com/advisories/29428/

--

Some vulnerabilities have been reported in WinRAR, which potentially
can be exploited by malicious people to compromise a vulnerable
system.

For more information, refer to:
http://secunia.com/advisories/29407/

To find out if your home computer is vulnerable to these security
problems, scan using the free Personal Software Inspector. Check if a
vulnerable version is installed on computers in your corporate network,
using the Network Software Inspector.

Download the Secunia PSI:
https://psi.secunia.com/

 --

VIRUS ALERTS:

During the past week Secunia collected 221 virus descriptions from the
Antivirus vendors. However, none were deemed MEDIUM risk or higher
according to the Secunia assessment scale.

========================================================================
3) This Week's Top Ten Most Read Advisories:

1.  [SA29337] McAfee ePolicy Orchestrator Framework Service Format
              String Vulnerability
2.  [SA29378] Invision Power Board Nested BBCodes Script Insertion
3.  [SA29382] MDaemon IMAP Server "FETCH" Command Buffer Overflow
4.  [SA29339] Fully Modded phpBB "k" SQL Injection Vulnerability
5.  [SA29360] IBM WebSphere MQ for HP NonStop Missing Authentication
6.  [SA29368] Sun Solaris JDS XscreenSaver Authentication Bypass
7.  [SA29309] Gentoo update for sarg
8.  [SA29375] Fedora update for roundup
9.  [SA29372] EasyGallery SQL Injection and Cross-Site Scripting
10. [SA29329] Mapbender SQL and PHP Code Injection

========================================================================
4) Vulnerabilities Summary Listing

Windows:
[SA29437] BusinessObjects "RptViewerAX" ActiveX Control Buffer Overflow
Vulnerability
[SA29408] CA BrightStor ARCserve Backup "ListCtrl" ActiveX Control
Buffer Overflow
[SA29407] WinRAR Multiple Unspecified Vulnerabilities
[SA29433] KAPhotoservice "albumid" SQL Injection Vulnerability
[SA29419] Home FTP Server Passive Mode Denial of Service
[SA29382] MDaemon IMAP Server "FETCH" Command Buffer Overflow
[SA29404] BootManage TFTP Server Buffer Overflow Vulnerability

UNIX/Linux:
[SA29451] Red Hat update for krb5
[SA29450] Red Hat update for krb5
[SA29444] Gentoo update for moinmoin
[SA29438] Ubuntu update for krb5
[SA29435] Debian update for krb5
[SA29428] Kerberos Multiple Vulnerabilities
[SA29426] Asterisk Multiple Vulnerabilities
[SA29424] SUSE update for krb5
[SA29423] Red Hat update for krb5
[SA29420] Mac OS X Security Update Fixes Multiple Vulnerabilities
[SA29393] Apple Safari Multiple Vulnerabilities
[SA29440] Red Hat update for unzip
[SA29432] Debian update for unzip
[SA29427] Mandriva update for unzip
[SA29415] UnZip "inflate_dynamic()" Uninitialized Pointers
Vulnerability
[SA29400] Debian update for horde3
[SA29396] Gentoo update for dovecot
[SA29385] Debian update for dovecot
[SA29379] Avaya CMS Solaris Firewall Security Bypass and Denial of
Service
[SA29448] SUSE update for cups
[SA29431] CUPS CGI Buffer Overflow Vulnerability
[SA29405] Debian update for smarty
[SA29403] Debian update for lighttpd
[SA29388] Ubuntu update for mailman
[SA29383] ZABBIX "vfs.file.cksum" Denial of Service Vulnerability
[SA29387] Red Hat update for kernel
[SA29442] HP StorageWorks Library and Tape Tools (LTT) on HP-UX
Security Bypass
[SA29425] Gentoo update for acroread
[SA29395] Debian update for ldapscripts
[SA29449] Asterisk Predictable HTTP Manager ID Weakness
[SA29418] Sun Solaris "rpc.metad" Denial of Service

Other:
[SA29394] CheckPoint VPN-1 IP Address Collision Security Issue
[SA29401] RaidSonic ICY BOX NAS-4220-B Insecure Storage of Encryption
Key

Cross Platform:
[SA29422] PHPauction GPL "include_path" File Inclusion Vulnerabilities
[SA29417] fuzzylime (cms) "admindir" File Inclusion Vulnerability
[SA29397] F-Secure Archives Handling Unspecified Vulnerabilities
[SA29430] Easy-Clanpage "id" SQL Injection Vulnerability
[SA29429] Joomla Acajoom PRO Component "mailingid" SQL Injection
[SA29421] MG-SOFT Net Inspector Multiple Vulnerabilities
[SA29411] phpBP "id" SQL Injection Vulnerability
[SA29398] Serendipity Security Bypass and Script Insertion
Vulnerabilities
[SA29390] eXV2 WebChat Module "roomid" SQL Injection
[SA29389] eXV2 Viso Module "kid" SQL Injection Vulnerability
[SA29384] eXV2 myannonces Module "lid" SQL Injection
[SA29441] ManageEngine SupportCenter Plus "searchText" Cross-Site
Scripting
[SA29416] Multiple Time Sheets "tab" Cross-Site Scripting
[SA29413] VMware Products Multiple Vulnerabilities
[SA29412] VMware Server Multiple Vulnerabilities
[SA29409] Novell GroupWise Windows Client API Security Bypass
[SA29380] eForum "busca.php" Cross-Site Scripting
[SA29378] Invision Power Board Nested BBCodes Script Insertion

========================================================================
5) Vulnerabilities Content Listing

Windows:--

[SA29437] BusinessObjects "RptViewerAX" ActiveX Control Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-03-19

Will Dormann has reported a vulnerability in BusinessObjects, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/29437/

 --

[SA29408] CA BrightStor ARCserve Backup "ListCtrl" ActiveX Control
Buffer Overflow

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-03-17

Krystian Kloskowski has reported a vulnerability in CA BrightStor
ARCserve Backup for Laptops & Desktops, which can be exploited by
malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/29408/

 --

[SA29407] WinRAR Multiple Unspecified Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-03-19

Some vulnerabilities have been reported in WinRAR, which can
potentially be exploited by malicious people to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/29407/

 --

[SA29433] KAPhotoservice "albumid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-03-19

JosS has reported a vulnerability in KAPhotoservice, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/29433/

 --

[SA29419] Home FTP Server Passive Mode Denial of Service

Critical:    Moderately critical
Where:       From remote
Impact:      DoS
Released:    2008-03-18

0in has discovered a vulnerability in Home FTP Server, which can be
exploited by malicious users to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/29419/

 --

[SA29382] MDaemon IMAP Server "FETCH" Command Buffer Overflow

Critical:    Moderately critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-03-14

Matteo Memelli has discovered a vulnerability in MDaemon, which can be
exploited by malicious users to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29382/

 --

[SA29404] BootManage TFTP Server Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      System access
Released:    2008-03-17

Luigi Auriemma has discovered a vulnerability in BootManage TFTP
Server, which can be exploited by malicious people to compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/29404/


UNIX/Linux:--

[SA29451] Red Hat update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-03-19

Red Hat has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29451/

 --

[SA29450] Red Hat update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-03-19

Red Hat has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29450/

 --

[SA29444] Gentoo update for moinmoin

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, DoS, System access
Released:    2008-03-19

Gentoo has issued an update for moinmoin. This fixes some
vulnerabilities, which can be exploited by malicious people to conduct
cross-site scripting attacks, bypass security restrictions, manipulate
certain data, or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29444/

 --

[SA29438] Ubuntu update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-03-19

Ubuntu has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29438/

 --

[SA29435] Debian update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-03-19

Debian has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29435/

 --

[SA29428] Kerberos Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-03-19

Some vulnerabilities have been reported in Kerberos, which can be
exploited by malicious people to disclose potentially sensitive
information, cause a DoS (Denial of Service), or potentially compromise
a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29428/

 --

[SA29426] Asterisk Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, DoS, System access
Released:    2008-03-19

Some vulnerabilities have been reported in Asterisk, which can be
exploited by malicious people to bypass certain security restrictions,
cause a DoS (Denial of Service), and potentially compromise a
vulnerable system.

Full Advisory:
http://secunia.com/advisories/29426/

 --

[SA29424] SUSE update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      System access, DoS, Exposure of sensitive information
Released:    2008-03-19

SUSE has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29424/

 --

[SA29423] Red Hat update for krb5

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of sensitive information, DoS, System access
Released:    2008-03-19

Red Hat has issued an update for krb5. This fixes some vulnerabilities,
which can be exploited by malicious people to disclose potentially
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29423/

 --

[SA29420] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting, Spoofing,
Exposure of sensitive information, Privilege escalation, DoS, System
access
Released:    2008-03-19

Apple has issued a security update for Mac OS X, which fixes multiple
vulnerabilities.

Full Advisory:
http://secunia.com/advisories/29420/

 --

[SA29393] Apple Safari Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting, Exposure of
sensitive information, System access
Released:    2008-03-19

Some vulnerabilities have been reported in Safari, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting attacks, or to compromise a vulnerable
system.

Full Advisory:
http://secunia.com/advisories/29393/

 --

[SA29440] Red Hat update for unzip

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-03-19

Red Hat has issued an update for unzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/29440/

 --

[SA29432] Debian update for unzip

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-03-18

Debian has issued an update for unzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/29432/

 --

[SA29427] Mandriva update for unzip

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-03-19

Mandriva has issued an update for unzip. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.

Full Advisory:
http://secunia.com/advisories/29427/

 --

[SA29415] UnZip "inflate_dynamic()" Uninitialized Pointers
Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      System access
Released:    2008-03-18

A vulnerability has been reported in UnZip, which potentially can be
exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/29415/

 --

[SA29400] Debian update for horde3

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-03-17

Debian has issued an update for horde3. This fixes a vulnerability,
which can be exploited by malicious users to disclose sensitive
information and potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29400/

 --

[SA29396] Gentoo update for dovecot

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-03-18

Gentoo has issued an update for dovecot. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/29396/

 --

[SA29385] Debian update for dovecot

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-03-17

Debian has issued an update for dovecot. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/29385/

 --

[SA29379] Avaya CMS Solaris Firewall Security Bypass and Denial of
Service

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, DoS
Released:    2008-03-17

Avaya has acknowledged a vulnerability in Avaya CMS, which can be
exploited by malicious people to bypass certain security restrictions
and cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/29379/

 --

[SA29448] SUSE update for cups

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-03-19

SUSE has issued an update for cups. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29448/

 --

[SA29431] CUPS CGI Buffer Overflow Vulnerability

Critical:    Moderately critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-03-19

A vulnerability has been reported in CUPS, which can be exploited by
malicious people to cause a DoS (Denial of Service) or to potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29431/

 --

[SA29405] Debian update for smarty

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass
Released:    2008-03-17

Debian has issued an update for smarty. This fixes a vulnerability,
which can be exploited by malicious people to bypass certain security
restrictions.

Full Advisory:
http://secunia.com/advisories/29405/

 --

[SA29403] Debian update for lighttpd

Critical:    Less critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information
Released:    2008-03-17

Debian has issued an update for lighttpd. This fixes a security issue,
which can be exploited by malicious people to disclose potentially
sensitive information.

Full Advisory:
http://secunia.com/advisories/29403/

 --

[SA29388] Ubuntu update for mailman

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-03-17

Ubuntu has issued an update for mailman. This fixes a vulnerability,
which can be exploited by malicious users to conduct script insertion
attacks.

Full Advisory:
http://secunia.com/advisories/29388/

 --

[SA29383] ZABBIX "vfs.file.cksum" Denial of Service Vulnerability

Critical:    Less critical
Where:       From remote
Impact:      DoS
Released:    2008-03-14

Milen Rangelov has discovered a vulnerability in ZABBIX, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/29383/

 --

[SA29387] Red Hat update for kernel

Critical:    Less critical
Where:       From local network
Impact:      DoS, System access
Released:    2008-03-14

Red Hat has issued an update for the kernel. This fixes a
vulnerability, which can be exploited by malicious people to cause a
DoS (Denial of Service) or potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29387/

 --

[SA29442] HP StorageWorks Library and Tape Tools (LTT) on HP-UX
Security Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-03-19

HP has acknowledged a vulnerability in HP StorageWorks Library and Tape
Tools (LTT), which can be exploited by malicious, local users to bypass
certain security restrictions.

Full Advisory:
http://secunia.com/advisories/29442/

 --

[SA29425] Gentoo update for acroread

Critical:    Less critical
Where:       Local system
Impact:      Privilege escalation
Released:    2008-03-19

Gentoo has issued an update for acroread. This fixes a security issue,
which can be exploited by malicious, local users to perform certain
actions with escalated privileges.

Full Advisory:
http://secunia.com/advisories/29425/

 --

[SA29395] Debian update for ldapscripts

Critical:    Less critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-03-17

Debian has issued an update for ldapscripts. This fixes a security
issue, which can be exploited by malicious, local users to disclose
sensitive information.

Full Advisory:
http://secunia.com/advisories/29395/

 --

[SA29449] Asterisk Predictable HTTP Manager ID Weakness

Critical:    Not critical
Where:       From local network
Impact:      Hijacking
Released:    2008-03-19

Dino A. Dai Zovi has reported a weakness in Asterisk, which can be
exploited by malicious people to hijack a user session.

Full Advisory:
http://secunia.com/advisories/29449/

 --

[SA29418] Sun Solaris "rpc.metad" Denial of Service

Critical:    Not critical
Where:       From local network
Impact:      DoS
Released:    2008-03-18

Kingcope has reported a vulnerability in Solaris, which can be
exploited by malicious people to cause a DoS (Denial of Service).

Full Advisory:
http://secunia.com/advisories/29418/


Other:--

[SA29394] CheckPoint VPN-1 IP Address Collision Security Issue

Critical:    Less critical
Where:       From local network
Impact:      Exposure of sensitive information, DoS
Released:    2008-03-18

Robert Mitchell has reported a security issue in CheckPoint VPN-1,
which can lead to a DoS (Denial of Service) or disclosure of sensitive
information.

Full Advisory:
http://secunia.com/advisories/29394/

 --

[SA29401] RaidSonic ICY BOX NAS-4220-B Insecure Storage of Encryption
Key

Critical:    Not critical
Where:       Local system
Impact:      Exposure of sensitive information
Released:    2008-03-19

Collin Mulliner has reported a security issue in RaidSonic NAS-4220-B,
which can be exploited by malicious people with physical access to the
device to disclose potentially sensitive information.

Full Advisory:
http://secunia.com/advisories/29401/


Cross Platform:--

[SA29422] PHPauction GPL "include_path" File Inclusion Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-03-18

RoMaNcYxHaCkEr has discovered some vulnerabilities in PHPauction GPL,
which can be exploited by malicious people to disclose sensitive
information or to compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29422/

 --

[SA29417] fuzzylime (cms) "admindir" File Inclusion Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, System access
Released:    2008-03-17

irk4z has discovered a vulnerability in fuzzylime (cms), which can be
exploited by malicious people to disclose sensitive information or to
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29417/

 --

[SA29397] F-Secure Archives Handling Unspecified Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      DoS, System access
Released:    2008-03-17

Some vulnerabilities have been reported in various F-Secure products,
which can be exploited by malicious people to cause a DoS (Denial of
Service) or to potentially compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29397/

 --

[SA29430] Easy-Clanpage "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-03-19

n3w7u has discovered a vulnerability in Easy-Clanpage, which can be
exploited by malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/29430/

 --

[SA29429] Joomla Acajoom PRO Component "mailingid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data, Exposure of sensitive information
Released:    2008-03-19

fataku has reported a vulnerability in the Acajoom PRO component for
Joomla!, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/29429/

 --

[SA29421] MG-SOFT Net Inspector Multiple Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Exposure of system information, Exposure of sensitive
information, DoS, System access
Released:    2008-03-17

Luigi Auriemma has discovered some vulnerabilities in MG-SOFT Net
Inspector, which can be exploited by malicious people to disclose
sensitive information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Full Advisory:
http://secunia.com/advisories/29421/

 --

[SA29411] phpBP "id" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-03-17

irk4z has reported a vulnerability in phpBP, which can be exploited by
malicious people to conduct SQL injection attacks.

Full Advisory:
http://secunia.com/advisories/29411/

 --

[SA29398] Serendipity Security Bypass and Script Insertion
Vulnerabilities

Critical:    Moderately critical
Where:       From remote
Impact:      Security Bypass, Cross Site Scripting
Released:    2008-03-18

Two vulnerabilities have been reported in Serendipity, which can be
exploited by malicious people to conduct script insertion attacks and
bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/29398/

 --

[SA29390] eXV2 WebChat Module "roomid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-03-17

S@BUN has discovered a vulnerability in the WebChat module for eXV2,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/29390/

 --

[SA29389] eXV2 Viso Module "kid" SQL Injection Vulnerability

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-03-17

S@BUN has discovered a vulnerability in the Viso (Industry Book) module
for eXV2, which can be exploited by malicious people to conduct SQL
injection attacks.

Full Advisory:
http://secunia.com/advisories/29389/

 --

[SA29384] eXV2 myannonces Module "lid" SQL Injection

Critical:    Moderately critical
Where:       From remote
Impact:      Manipulation of data
Released:    2008-03-17

S@BUN has discovered a vulnerability in the myannonces module for eXV2,
which can be exploited by malicious people to conduct SQL injection
attacks.

Full Advisory:
http://secunia.com/advisories/29384/

 --

[SA29441] ManageEngine SupportCenter Plus "searchText" Cross-Site
Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-03-19

Yogesh Kulkarni has reported a vulnerability in ManageEngine
SupportCenter Plus, which can be exploited by malicious people to
conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/29441/

 --

[SA29416] Multiple Time Sheets "tab" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-03-17

JosS has discovered a vulnerability in Multiple Time Sheets (MTS),
which can be exploited by malicious people to conduct cross-site
scripting attacks.

Full Advisory:
http://secunia.com/advisories/29416/

 --

[SA29413] VMware Products Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Privilege escalation, DoS
Released:    2008-03-17

Some vulnerabilities have been reported in VMware products, which can
be exploited by malicious, local users to gain escalated privileges or
to cause a DoS (Denial of Service), and potentially by malicious people
to bypass certain security restrictions or to cause a DoS.

Full Advisory:
http://secunia.com/advisories/29413/

 --

[SA29412] VMware Server Multiple Vulnerabilities

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Privilege escalation, DoS
Released:    2008-03-17

Some vulnerabilities have been reported in VMware Server, which can be
exploited by malicious, local users to gain escalated privileges or to
cause a DoS (Denial of Service), and potentially by malicious people to
bypass certain security restrictions or to cause a DoS.

Full Advisory:
http://secunia.com/advisories/29412/

 --

[SA29409] Novell GroupWise Windows Client API Security Bypass

Critical:    Less critical
Where:       From remote
Impact:      Security Bypass, Exposure of sensitive information
Released:    2008-03-17

A vulnerability has been reported in Novell GroupWise, which can be
exploited by malicious users to bypass certain security restrictions.

Full Advisory:
http://secunia.com/advisories/29409/

 --

[SA29380] eForum "busca.php" Cross-Site Scripting

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-03-18

Omni has discovered two vulnerabilities in eForum, which can be
exploited by malicious people to conduct cross-site scripting attacks.

Full Advisory:
http://secunia.com/advisories/29380/

 --

[SA29378] Invision Power Board Nested BBCodes Script Insertion

Critical:    Less critical
Where:       From remote
Impact:      Cross Site Scripting
Released:    2008-03-14

A vulnerability has been reported in Invision Power Board, which can be
exploited by malicious people to conduct script insertion attacks.

Full Advisory:
http://secunia.com/advisories/29378/



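The listing above is machine-readable if you treat each "[SAnnnnn]" block as a record with Critical / Where / Impact / Released fields, which is how most readers triage a 58-advisory week: keep what is remotely exploitable at "Highly critical" or above and leave the rest for the patch cycle. The parser below is an added example written for this page, not Secunia tooling; it assumes the exact layout shown in section 5 (titles and Impact lists wrapped at about 72 columns, a blank line after each wrapped field, the "Full Advisory:" URL line) and Secunia's five-step criticality scale as documented at the definitions URL in the footer. The sample text is constructed from three entries on this page.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: three entries copied from this week's summary in the
# layout Secunia uses (wrapped title and wrapped Impact list included).
SAMPLE = """\
[SA29437] BusinessObjects "RptViewerAX" ActiveX Control Buffer Overflow
Vulnerability

Critical:    Highly critical
Where:       From remote
Impact:      System access
Released:    2008-03-19

Will Dormann has reported a vulnerability in BusinessObjects, which can
be exploited by malicious people to compromise a user's system.

Full Advisory:
http://secunia.com/advisories/29437/

 --

[SA29420] Mac OS X Security Update Fixes Multiple Vulnerabilities

Critical:    Highly critical
Where:       From remote
Impact:      Unknown, Security Bypass, Cross Site Scripting, Spoofing,
Exposure of sensitive information, Privilege escalation, DoS, System
access
Released:    2008-03-19

Full Advisory:
http://secunia.com/advisories/29420/

 --

[SA29442] HP StorageWorks Library and Tape Tools (LTT) on HP-UX
Security Bypass

Critical:    Less critical
Where:       Local system
Impact:      Security Bypass
Released:    2008-03-19
"""

# Secunia's criticality scale, least to most severe (see the definitions URL).
LEVELS = ["Not critical", "Less critical", "Moderately critical",
          "Highly critical", "Extremely critical"]

HEAD_RE = re.compile(r"^\[(SA\d+)\]\s+(.*)$")
FIELD_RE = re.compile(r"^(Critical|Where|Impact|Released):\s+(.*)$")


@dataclass
class Advisory:
    sa_id: str
    title: str
    critical: str = ""
    where: str = ""
    impact: list = field(default_factory=list)
    released: str = ""
    url: str = ""


def _finish(rec):
    """Build an Advisory; the Impact list is split on commas only after all
    wrapped lines are joined, so an item broken across lines stays whole."""
    return Advisory(
        sa_id=rec["sa_id"], title=rec["title"], critical=rec["critical"],
        where=rec["where"], released=rec["released"], url=rec["url"],
        impact=[p.strip() for p in rec["impact"].split(",") if p.strip()])


def parse_summary(text):
    """Parse section 5 of a Secunia weekly summary into Advisory records."""
    advisories, rec, last = [], None, None  # last: field a wrapped line continues
    for line in text.splitlines():
        m = HEAD_RE.match(line)
        if m:                                 # "[SA29437] Title ..." opens a record
            if rec:
                advisories.append(_finish(rec))
            rec = dict(sa_id=m.group(1), title=m.group(2).strip(), critical="",
                       where="", impact="", released="", url="")
            last = "title"
            continue
        if rec is None:
            continue
        m = FIELD_RE.match(line)
        if m:                                 # "Critical:    Highly critical"
            last = m.group(1).lower()
            rec[last] = m.group(2).strip()
        elif line.startswith("http://secunia.com/advisories/"):
            rec["url"] = line.strip()
            last = None
        elif not line.strip():                # blank line ends any wrapped field
            last = None
        elif last in ("title", "impact"):     # continuation of a wrapped line
            rec[last] += " " + line.strip()
    if rec:
        advisories.append(_finish(rec))
    return advisories


def triage(advisories, min_critical="Highly critical", remote_only=True):
    """Keep advisories at or above min_critical, optionally only 'From remote'."""
    floor = LEVELS.index(min_critical)
    return [a for a in advisories
            if a.critical in LEVELS and LEVELS.index(a.critical) >= floor
            and (not remote_only or a.where == "From remote")]


if __name__ == "__main__":
    for a in triage(parse_summary(SAMPLE)):
        print(a.sa_id, a.critical, a.where, "|", a.title, "|", a.url)
```

Feed it the whole of section 5 rather than the sample and the vendor-update entries (the seven krb5 advisories this week, for instance) will come out as separate records sharing one criticality; group them by the package named in the title before opening tickets, since they are the same fix repackaged per distribution.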
========================================================================

Secunia recommends that you verify all advisories you receive,
by clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only use
those supplied by the vendor.

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Subscribe:
http://secunia.com/secunia_weekly_summary/

Contact details:
Web	: http://secunia.com/
E-mail	: support@private
Tel	: +45 70 20 51 44
Fax	: +45 70 20 51 45


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Fri Mar 21 2008 - 00:21:35 PST